here i am, the latest in a long line of people that need your help. went to a bad site and i knew better, but did it anyway. it's that darn eupdate thingy. here's my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:22:34 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{8C3ABA88-0AE9-1033-0103-060914050001}\Update.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\amVmZg\command.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\jeff\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3505DF66-FCA1-4DDD-8471-0096034B0C64}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\amVmZg\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

and my smit fraud log

SmitFraudFix v2.124
Scan done at 22:42:26.48, Sat 11/25/2006
Run from C:\Documents and Settings\jeff\My Documents\filez4\setupz\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeff
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeff\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jeff\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

thanks soo much for your help
Hello bigQfan, welcome to aD! Looks like you've got a Vundo infection. Please rename HijackThis.exe to any name of your choice. Run a new scan and post the new log.
i think i renamed it correctly...here you go

Logfile of HijackThis v1.99.1
Scan saved at 10:35:06 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jeff\My Documents\lojoethat.exe

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\mdadjhrt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {41BB5720-B0FA-4148-9504-4B3B72AA6E19} - C:\WINDOWS\system32\vtsqp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winncv32 - winncv32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Download VundoFix to your desktop.
Double-click VundoFix.exe to run it.
Click "Scan for Vundo".
Once it's done scanning, click "Remove Vundo".
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After the restart run a scan only with "lojoethat.exe" (HijackThis) and check these (if there):

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\mdadjhrt.dll
O2 - BHO: (no name) - {41BB5720-B0FA-4148-9504-4B3B72AA6E19} - C:\WINDOWS\system32\vtsqp.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: winncv32 - winncv32.dll (file missing)

Close all windows except HijackThis before clicking "Fix checked". Restart your computer.

Please post back with the contents of C:\vundofix.txt along with a new HijackThis log, and also how are things?
here's the most recent hijack log

Logfile of HijackThis v1.99.1
Scan saved at 7:04:15 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\jeff\My Documents\lojoethat.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

is this the vundo file you needed?

C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.tmp
HijackThis log looks good now, and yes even though that's not the full Vundo fix log, it will work.

Go here to run Kaspersky Online Scanner.
After downloading, click "My Computer" to scan.
After scanning, click "Save report as". Save as a text file on the desktop.

Post the log in your next reply and also please tell me how things are running...any problems or symptoms?
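The before/after comparison behind the helper's "HijackThis log looks good now", as an added example that is not part of the thread or of HijackThis itself: Python that splits a log (even one flattened by the forum) into entries and reports which of the flagged entries remain. `parse_entries`, `entry_key`, `verify_fix` and the shortened `BEFORE`/`AFTER`/`FLAGGED` excerpts are names and data constructed here from the logs posted above.

```python
import re

# An entry starts with a section code such as "O2 - " or "O20 - ". R/F/N codes
# are other HijackThis sections; none occur in the logs posted in this thread.
ENTRY_START = re.compile(r"(?<!\S)(?:O\d{1,2}|[RFN]\d) - ")


def parse_entries(log_text):
    """Return the entries of a HijackThis log, one string per entry.

    Accepts a normal log (one entry per line) or a flattened one in which the
    entries were joined with spaces. Text before the first section code
    (header, running processes) is ignored; text after the last entry cannot
    be told apart from it, so pass the log only, not the surrounding post.
    """
    text = " ".join(log_text.split())  # collapse newlines and repeated spaces
    bounds = [m.start() for m in ENTRY_START.finditer(text)] + [len(text)]
    return [text[a:b].strip() for a, b in zip(bounds, bounds[1:])]


def entry_key(entry):
    """Key for comparing entries: case-insensitive, '(file missing)' ignored."""
    return entry.replace("(file missing)", "").strip().casefold()


def verify_fix(flagged_text, before_text, after_text):
    """Compare two logs against the entries a helper asked to have fixed."""
    flagged = parse_entries(flagged_text)
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {entry_key(e) for e in before}
    after_keys = {entry_key(e) for e in after}
    return {
        # flagged entries that survived the fix and need another look
        "still_present": [e for e in flagged if entry_key(e) in after_keys],
        # everything that disappeared between the two scans
        "removed": [e for e in before if entry_key(e) not in after_keys],
        # entries that appeared after the fix (reinfection or new software)
        "new_in_after": [e for e in after if entry_key(e) not in before_keys],
    }


# Constructed excerpts: O2/O20 entries copied from the second and third logs
# in this thread, flattened the way the forum page shows them.
BEFORE = (
    r"O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\mdadjhrt.dll "
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx "
    r"O2 - BHO: (no name) - {41BB5720-B0FA-4148-9504-4B3B72AA6E19} - C:\WINDOWS\system32\vtsqp.dll "
    r"O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing) "
    r"O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll "
    r"O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll "
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll "
    r"O20 - Winlogon Notify: winncv32 - winncv32.dll (file missing) "
    r"O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll "
)
AFTER = (
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx "
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll "
    r"O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll "
)
# The six entries the helper asked to have checked before "Fix checked".
FLAGGED = (
    r"O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\mdadjhrt.dll "
    r"O2 - BHO: (no name) - {41BB5720-B0FA-4148-9504-4B3B72AA6E19} - C:\WINDOWS\system32\vtsqp.dll "
    r"O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing) "
    r"O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll "
    r"O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll "
    r"O20 - Winlogon Notify: winncv32 - winncv32.dll (file missing) "
)

if __name__ == "__main__":
    report = verify_fix(FLAGGED, BEFORE, AFTER)
    for name, entries in report.items():
        print(f"{name}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

An empty `still_present` only says the autostart entries are gone from the log; the files behind them still need the follow-up scan the helper asks for.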
i thought everything was running well. seems back to normal. but then i ran the kaspersky scan and now i am concerned

KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 28, 2006 2:04:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/11/2006
Kaspersky Anti-Virus database records: 232286
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 170733
Number of viruses found: 19
Number of infected objects: 58 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:47:18
Sweeper\Temp\SSCS78381208-C41F-418A-BCD4-56BC19E52E9A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS794BA2CE-EBAD-488A-8182-EEBC3FD97CB1.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7B6BAE00-5488-4CB5-84AF-04C0916ADF5C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7F91BAA1-AD5D-4A08-BF5F-7BE3671D96A0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS83C3EA96-9D4B-4EC7-B284-67447C1AAF79.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS85F56392-FD9D-4895-9A2B-66CF1A4217EF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8D6F26E8-A422-46EF-AF08-CD39E7746736.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8E574F13-2F6B-4467-AEC0-9CA95617EF2A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS90B9EA7A-C4EA-45EF-A585-2E65F2429822.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS995E6941-54A5-47DF-8903-0D540976020F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS99FCF5A2-BE96-4478-AC0F-B58E00D97F16.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9B43BD9F-4C42-48BF-920E-6D7AF0ACE68A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9FCD4507-987F-4E3A-A01A-97898B72824E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy 
Sweeper\Temp\SSCSA1BCC106-375C-4C56-B05F-8632D2D99E0F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4521331-CBF8-4F5D-AE23-57ADA1D0A274.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA710A2CC-E331-46C0-BE3E-F9A344A78B31.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA7ADD44C-289F-4F46-8B20-6AB02FCE5C81.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAB42B633-632A-4784-B99D-91697481FF8B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFB834DC-2F25-40F8-B363-A31A922B58DB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFF1A4E5-2B68-47F5-83D0-B1E290CC909B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1235817-59F5-4716-9FD3-61A7B4995752.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB4A3FC6B-1A7F-4E5C-A77C-7AA7D0D56431.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB68BC7F5-8103-415C-8EBE-38E7ED5B0166.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA78E613-F263-4B23-9D9B-95FFBFA68B29.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBD1C7FC3-37D2-41AF-84E8-1A228DD0BE7E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBE299DD6-FBD2-471B-9262-2D8680549CC8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy 
Sweeper\Temp\SSCSBFF07223-485C-45A3-984C-31AE137DE8CC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC1FC6D3E-7278-4B32-9FF4-2935FAD1954D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC2209784-4AC0-4D7F-81FC-1294F239D90D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC51C5FE1-563C-4E31-B422-54CB6246847C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8F084CB-1BE5-4384-A714-2D0682439983.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEE76CCB-FC68-4B31-B5EE-32AB6BF06612.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEFA5C17-2AE3-4E31-B871-2A53C9B07E5B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7FBF165-9F8E-4DB8-8E62-BC1B25117759.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD86DDC96-1CE7-43B2-A621-4B944202A2EB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDBD2D86A-319E-4C8D-807C-FB0271155EA1.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE08BCAA0-2E3F-4A7B-BDCC-F31CC4494161.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE28C93C1-924A-4679-966F-FA51703A0C80.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE4AD02F0-78D3-4BA2-A18B-BA718EA26D56.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy 
Sweeper\Temp\SSCSF19C28A8-FA06-457E-8AE6-5B362C07A54C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3D0BD11-54A6-4B15-ABCC-0DD1558DD6BE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF8B336D2-D6EC-4F1F-9578-9FA545CA60F2.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF969F14F-118D-477E-B913-2D61BEE87B67.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFF4651EF-9BBA-42A8-B568-731162C533B8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1C.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Trend Micro\Internet Security 
12\Quarantine\21.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B8.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3FA.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Trend Micro\Internet Security 12\Quarantine\40.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Trend Micro\Internet Security 12\Quarantine\407.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\Program Files\Trend Micro\Internet Security 12\Quarantine\4A.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP230\A0025973.dll Infected: Packed.Win32.Klone.t skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\54E23252 Infected: 
Trojan-Downloader.Win32.Small.ij skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55AC5D73 Infected: Backdoor.Win32.Delf.da skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4316663C Infected: Trojan.Win32.Delf.d skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55B0076F Infected: Trojan-Proxy.Win32.WinGater skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58DD5DF0.dll Infected: Trojan.Win32.Delf.d skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\59696B56 Infected: Email-Worm.Win32.Sobig.e skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6B1E0FDA.exe Infected: Backdoor.Win32.Delf.da skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\750E52EB Infected: Trojan-Proxy.Win32.WinGater skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5/Deftone.class Infected: Trojan.Java.ClassLoader.c skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5 ZIP: infected - 3 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5 CryptFF: infected - 3 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/BlackBox.class Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/Beyond.class Infected: Trojan.Java.Needy.a skipped E:\Program 
Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96 ZIP: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96 CryptFF: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03023F8F Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/WebCounter.class Infected: Trojan.Java.ClassLoader.c skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/a.class Infected: Trojan.Java.Shiwow skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B ZIP: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B CryptFF: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/WebCounter.class Infected: Trojan.Java.ClassLoader.c skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/a.class Infected: Trojan.Java.Shiwow skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8 ZIP: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8 CryptFF: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C/BlackBox.class Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C/VerifierBug.class Infected: 
Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C ZIP: infected - 2 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C CryptFF: infected - 2 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8 ZIP: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8 CryptFF: infected - 4 skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038F4CF5 Infected: Trojan.Java.ClassLoader.Dummy.e skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40A62297 Infected: Trojan.Java.ClassLoader.Dummy.c skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7FA47211 Infected: Exploit.Java.ByteVerify skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B783023 Infected: Trojan-Proxy.Win32.WinGater skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C5B09E3.htm Infected: Exploit.HTML.Mht skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05366802.htm Infected: Exploit.HTML.Mht skipped E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D984C5B.exe Infected: Email-Worm.Win32.Bagle.g skipped E:\desktop stuff\New Folder\Ahead.Nero.Burning.ROM.v6.6.0.3.Ultra.Edition.Incl.Keygen.WORKING-ORiON\Keygen.exe Object is locked skipped Scan process completed.
Heh, yeah, one of those is serious. The backdoor Delf.d and Delf.da are something to worry about. Backdoors allow others control over the computer and anything could have been changed without your knowing about it. Meaning your computer's security could be compromised.

There is good news though. Normally, when someone has a backdoor it is recommended that the computer be reformatted, but I don't think that is necessary in your case. I don't think it's that serious. Also, everything looks like it is in a quarantine or in the System Restore folder. Meaning nothing is getting out to become active.

Go here and download [bold]CCleaner[/bold].
[bold]Note[/bold]: If you do not want [bold]Yahoo! Toolbar[/bold], uncheck the option when installing.
Open [bold]CCleaner[/bold].
Click [bold]Options[/bold] > [bold]Advanced[/bold] > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Close all windows.
Click Cleaner > [bold]Run Cleaner[/bold].

I'm a bit confused why Norton's quarantine folder is still on your computer. I'm assuming you uninstalled Norton since it is not showing in your HjT log. In the case that you did uninstall it, you can just delete the quarantine folder. If you didn't uninstall Norton, just empty the quarantine. Empty Spy Sweeper's and Trend Micro's quarantine also.

Then, clean the System Restore folder by turning it off.
Right click [bold]My Computer[/bold] > [bold]Properties[/bold] > [bold]System Restore tab[/bold] > check "[bold]Turn off System Restore[/bold]".
Click [bold]Apply[/bold], then [bold]OK[/bold].
Restart and turn System Restore back on.

I would like to be sure nothing else is present, so let's run one last scan.
Go here to run [bold]ActiveScan[/bold].
Click "[bold]Panda ActiveScan[/bold]".
Fill in the form with your information.
After downloading, click [bold]My Computer[/bold] to scan.
When it finishes, click "[bold]See Report[/bold]".
Click "[bold]Save report[/bold]" and save it to the desktop.

If anything other than cookies is found, post the log. Otherwise, you will be clean.
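The triage reasoning in the reply above (a detection stored in an antivirus quarantine or in the System Restore store is not running, one anywhere else is), sketched as an added Python example that is not part of the thread. The record layout is inferred from the scan log posted here, the function names are hypothetical, and the last sample line is constructed to show a live detection.

```python
import re

# One record per line: "<path> <status> skipped". Paths contain spaces, so the
# status keyword anchors the split rather than whitespace.
RECORD = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>(?:ZIP|CryptFF): infected - \d+))"
    r" skipped$"
)

# Sample input: six records taken from the log in this thread, plus one
# constructed record (the last) that sits outside any quarantine folder.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1C.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP230\A0025973.dll Infected: Packed.Win32.Klone.t skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55AC5D73 Infected: Backdoor.Win32.Delf.da skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5 ZIP: infected - 3 skipped
C:\WINDOWS\system32\constructed-example.dll Infected: Trojan.Win32.Constructed.x skipped
"""


def parse_line(line):
    """Return a dict for one scan record, or None if the line is not one."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    if m.group("locked"):
        kind = "locked"            # file in use by the OS or a scanner, no verdict
    elif m.group("archive"):
        kind = "archive_summary"   # per-container total; members are listed separately
    else:
        kind = "detection"
    return {"path": m.group("path"), "kind": kind, "name": m.group("name")}


def location(path):
    """Classify where a detected file sits, following the reply's reasoning."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    return "live"


def triage(log_text):
    """Split a scan log into noise, contained detections and live detections."""
    report = {"locked": 0, "unparsed": 0, "contained": [], "live": [], "backdoors": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            report["unparsed"] += 1
            continue
        if rec["kind"] == "locked":
            report["locked"] += 1
            continue
        if rec["kind"] == "archive_summary":
            continue  # avoid double-counting the archive's members
        where = location(rec["path"])
        entry = (rec["name"], where, rec["path"])
        (report["live"] if where == "live" else report["contained"]).append(entry)
        # Backdoor families get listed separately: the reply treats them as the
        # serious finding even when the file itself is already quarantined.
        if rec["name"].startswith("Backdoor."):
            report["backdoors"].append(rec["name"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("locked (ignored):", result["locked"])
    for name, where, path in result["contained"]:
        print(f"contained [{where}] {name}")
    for name, where, path in result["live"]:
        print(f"LIVE {name} at {path}")
    print("backdoor families seen:", result["backdoors"])
```
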
ok...here is the latest...lemme know what you think

Incident | Status | Location
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@2o7[2].txt
Spyware:Cookie/PointRoll | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@ads.pointroll[2].txt
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@advertising[2].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@atdmt[2].txt
Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@atwola[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@com[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@doubleclick[1].txt
Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@fastclick[2].txt
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@mediaplex[1].txt
Spyware:Cookie/QuestionMarket | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@questionmarket[1].txt
Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@serving-sys[2].txt
Spyware:Cookie/Zedo | Not disinfected | C:\Documents and Settings\jeff\Cookies\jeff@zedo[1].txt
Adware:Adware/WebSearch | Not disinfected | C:\Documents and Settings\jeff\My Documents\backups\backup-20061127-185646-475.dll
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\jeff\My Documents\filez4\setupz\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\jeff\My Documents\filez4\setupz\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt
Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\LocalService\Cookies\system@media.fastclick[2].txt
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\LocalService\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\tess\Cookies\tess@doubleclick[1].txt
Spyware:Cookie/Hitbox | Not disinfected | C:\Documents and Settings\tess\Cookies\tess@hitbox[1].txt
Virus:Eicar.Mod | Not disinfected | C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Possible Virus. | Not disinfected | C:\VundoFix Backups\vtsqp.dll.bad
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\hgghihe.dll

also wanted to ask, i have this Trend-Micro running at all times, yet it let me get the Vundo thing to begin with. Is Trend-Micro pretty much worthless? you have been a great help and i really appreciate it. thank you
You're welcome. Looking better, just some cookies, a couple backups and one Vundo file left.

Double-click VundoFix.exe to run it.
Right click inside the white Window.
Select Add More Files? from the menu that comes up.
This will open a new VundoFix window.
In the Window: copy/paste the following in the first field:
[bold]C:\WINDOWS\system32\hgghihe.dll [/bold]
Copy/paste the following in the second field:
[bold]C:\WINDOWS\system32\hgghihe.*[/bold]
Click the Add Files button.
Click the Close Window button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer, click OK.
Turn your computer back on.

Run CCleaner to clean the cookies.

Delete these folders to remove the backups.
C:\Documents and Settings\jeff\My Documents\backups
C:\[bold]VundoFix Backups[/bold]

You'll be clean after that.

No, I wouldn't say it's worthless. Vundo is the number 2 most common infection going around right now, so you're not alone. It can get past almost all anti-virus programs. You just have to be more careful online. Or better yet, switch to Firefox. The reason Vundo is allowed to infect is because of Internet Explorer. If you weren't using IE, you probably wouldn't have gotten Vundo...just a thought.