System alert pop up

Question

booman

16 Years Ago

I'm new at this and definately need help. I have that annoying yellow triangle blinking at me with continued pop ups for security software. The pop up reads: System Alert:Trojan-Spy.Win32@mx. It keeps popping up. It seems that I have tried everything that I know how. I saw this forum and other people who had the same problem. Hope you can help me. I think I have to run hijackthis. Need instructions on how to do it. Thanks in advance to all of you who help all of us out...

windows-virus

2 Contributors
13 Replies
226 Views
1 Week Discussion Span
Latest Post 16 Years Ago Latest Post by MoralTerror

All 13 Replies

MoralTerror 0 Junior Poster

16 Years Ago

Hi booman and welcome to DaniWeb

Please download and install HijackThis . It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis.

Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.
If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
If not, run a scan and save the log file.
Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) into this thread
Do not fix any entries in HijackThis since they may be harmless.
Make sure to include the System information at the top of the log as well.

MoralTerror 0 Junior Poster

16 Years Ago

Hi booman

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If your not sure how to disable them then double-check against the list found >>>HERE<<< This list is not all inclusive, if your programs are not listed and you are unsure then please ask before continuing.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

MoralTerror 0 Junior Poster

16 Years Ago

Hi booman

From Control Panel > Add/Remove Programs uninstall the following programs (if they still exist)

Viewpoint
Veiwpont Manager
Viewpoint Media Player

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab

Remember to close all other windows and click Fix Checked

------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\cpnprt2.cid
C:\WINDOWS\SYSTEM32\npqss.bak1
C:\WINDOWS\SYSTEM32\npqss.bak2
C:\WINDOWS\SYSTEM32\npqss.ini2
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnk
C:\WINDOWS\System32\ivoiaz.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\ridmxc.exe
C:\WINDOWS\wupdt.exe
Folder::
C:\Program Files\NetProject
C:\Program Files\se
C:\Program Files\VBouncer
C:\Program Files\Viewpoint
C:\Program Files\Web_Rebates
C:\Program Files\Common Files\WinTools
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eesyavliz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eqwhzmsu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ridmxc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBundleOuterDL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]

Save this asCFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at"C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:Download the latest version of Java Runtime Environment (JRE) 6u4 .
Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
In the pull down menu next to Platform select Windows
Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
Click Continue
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database:Extended

Scan Options:Scan Archives
Scan Mail Bases

Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

------------------------------
Required Logs

C:\ComboFix.txt
Kaspersky report
new HijackThis log << taken after the online scan

Please also provide an update on system behaviour

MoralTerror 0 Junior Poster

16 Years Ago

Hi booman

Did you run the CFScript? If so please post C:\ComboFix.txt

Also some of your Kaspersky report is missing, it may need to be attached due to the size of the file.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

booman · Answer 1 · 2008-02-26T02:34:23+00:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:00 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NetProject\scit.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetProject\sbmntr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\FilmLoop Player\FilmLoopService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E3947FC-80FB-651C-5904-734F220D9D4A} - (no file)
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203542430.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {7E79A8B9-6D0D-7150-C4D8-A644A68E2264} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9B594A43-EAA4-EAE4-58BF-DC8172D26D26} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [C:_Program Files_WordPerfe3a] C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe /Watch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124312890156
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://advisor.futuremark.com/global/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.292/qboax7.cab
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Defender Service (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O24 - Desktop Component 1: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 12561 bytes

booman · Answer 2 · 2008-02-27T02:32:02+00:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26, on 2008-02-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\FilmLoop Player\FilmLoopService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [C:_Program Files_WordPerfe3a] C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe /Watch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124312890156
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://advisor.futuremark.com/global/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.292/qboax7.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Defender Service (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O24 - Desktop Component 1: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 11482 bytes

ComboFix 08-02-25.3 - Kim Hasson 2008-02-26 11:54:44.3 - NTFSx86
Running from: C:\Documents and Settings\Kim Hasson\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\1203542430.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 12:30 . 2008-02-25 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-25 12:13 . 2008-02-26 11:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-25 12:13 . 2008-02-25 12:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-20 13:20 . 2008-02-20 13:20 <DIR> d-------- C:\Program Files\NetProject
2008-02-20 13:20 . 2008-02-21 08:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-17 13:09 . 2008-02-17 13:09 <DIR> d-------- C:\Program Files\Usability Sciences
2008-02-17 13:09 . 2007-09-21 13:24 91,520 --a------ C:\WINDOWS\SYSTEM32\WebIQEngineSetup.exe
2008-02-01 17:33 . 2008-02-01 17:33 <DIR> d-------- C:\Program Files\Coupons
2008-02-01 17:33 . 2008-02-01 17:33 193,880 -rah----- C:\WINDOWS\SYSTEM32\cpnprt2.cid
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-25 20:12 --------- d-----w C:\Program Files\iTunes
2008-02-25 20:12 --------- d-----w C:\Program Files\iPod
2008-02-25 20:09 --------- d-----w C:\Program Files\QuickTime
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-12-31 21:25 --------- d-----w C:\Program Files\Universal
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 --sha-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 --s-a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-08-15 02:04 76,120 ----a-w C:\Documents and Settings\Aaron Hasson\Application Data\GDIPFONTCACHEV1.DAT
2006-02-02 17:42 62,992 ----a-w C:\Documents and Settings\Kim Hasson\Application Data\GDIPFONTCACHEV1.DAT
2004-10-27 03:00 56,800 -c--a-w C:\Documents and Settings\Aaron\Application Data\GDIPFONTCACHEV1.DAT
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2006-02-24 00:04 345,885 --sh--w C:\WINDOWS\SYSTEM32\npqss.bak1
2006-03-03 02:12 557,639 --sh--w C:\WINDOWS\SYSTEM32\npqss.bak2
2006-03-04 05:59 408,335 --sh--w C:\WINDOWS\SYSTEM32\npqss.ini2
2004-08-04 07:56 83,456 --sha-w C:\WINDOWS\SYSTEM32\olepro32.dll
2004-08-04 07:56 11,776 --sha-w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
2008-02-26 11:14 9728 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2006-08-01 14:35 67112]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"C:_Program Files_WordPerfe3a"="C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe" [2003-03-07 01:58 57344]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe" [2004-10-08 08:49 131072]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2002-12-17 14:49 53248]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"FilmLoop"="C:\Program Files\FilmLoop Player\FilmLoopService.exe" [2006-01-04 01:09 1335296]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 08:49 53248]
"LifeScape Media Detector"="C:\Program Files\Picasa\PicasaMediaDetector" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03 49263]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2003-08-06 01:04 114741 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2003-08-13 07:27 28672 C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eesyavliz]
C:\WINDOWS\System32\ivoiaz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eqwhzmsu]
C:\WINDOWS\System32\ivoiaz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 08:32 77824 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 08:35 94208 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 17:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]
--------- 2004-04-27 15:02 151552 C:\Program Files\Picasa\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2006-10-27 15:23 566872 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-10-25 15:09 390744 C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-10-08 08:49 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-10-08 08:49 131072 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 16:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ridmxc]
C:\WINDOWS\System32\ridmxc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
C:\Program Files\se\v11\se.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2001-07-03 08:11 57344 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\spydoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsa]
C:\PROGRA~1\COMMON~1\tsa\tsm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
C:\Program Files\TV Media\Tvm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBundleOuterDL]
C:\Program Files\VBouncer\BundleOuter.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2007-01-04 13:38 112336 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
C:\Program Files\Web_Rebates\WebRebates0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\Program Files\Common Files\WinTools\WToolsA.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\aolshare\\sysinfo\\sinf.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C97751B1-BF63-4867-87FB-49B72502DBCD}]
C:\Program Files\Microsoft Office\Office10\OfficeXPFirstRun.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-02-25 16:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 09:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 11:58:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 12:00:16
ComboFix-quarantined-files.txt 2008-02-26 19:59:50
ComboFix2.txt 2008-02-26 19:44:50
.
2008-02-13 11:03:48 --- E O F ---

booman · Answer 3 · 2008-02-29T02:40:04+00:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29, on 2008-02-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\FilmLoop Player\FilmLoopService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [C:_Program Files_WordPerfe3a] C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe /Watch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124312890156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://advisor.futuremark.com/global/msc311.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D92D7607-05D9-4DD8-B68B-D458948FB883} (QuickBooks Online Edition Utilities Class v7) - https://accounting.quickbooks.com/v11.292/qboax7.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Defender Service (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O24 - Desktop Component 1: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 10706 bytes

KASPERSKY ONLINE SCANNER REPORT
2008-02-28 12:25
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/02/2008
Kaspersky Anti-Virus database records: 585960

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 116516
Number of viruses found 13
Number of infected objects 51
Number of suspicious objects 0
Duration of the scan process 01:23:25

Infected Object Name Virus Name Last Action
C:\!KillBox\temp.fr26A6 Infected: not-a-virus:AdWare.Win32.WebSearch.ar skipped

C:\!KillBox\temp.frFE8C Infected: not-a-virus:AdWare.Win32.WebSearch.ar skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f9ff2874260d0ef9f654d86cf66e2b0_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68a9d281a41d3ae603294fe3fe7b3d84_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5250e52f6caf0ff7743cd137de780be_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/bar/2.bin/F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/bar/2.bin/F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/bar/2.bin/F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/bar/2.bin/MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/bar/2.bin/MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/SrchAstt/2.bin/MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip ZIP: infected - 6 skipped

C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Application Data\FilmLoop\DB\Main.db Object is locked skipped

C:\Documents and Settings\Kim Hasson\Application Data\FilmLoop\Logs\server.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-742b6346.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kim Hasson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-742b6346.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kim Hasson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-2a5c927e-742b6346.zip ZIP: infected - 2 skipped

C:\Documents and Settings\Kim Hasson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-36eaec45.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kim Hasson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-36eaec45.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

C:\Documents and Settings\Kim Hasson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-50d4f5ca-36eaec45.zip ZIP: infected - 2 skipped

C:\Documents and Settings\Kim Hasson\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Kim Hasson\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Messenger\brucehasson@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Messenger\brucehasson@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Messenger\brucehasson@hotmail.com\SharingMetadata\Working\database_30AC_8C0F_AC8B_CDB2\dfsr.db Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Messenger\brucehasson@hotmail.com\SharingMetadata\Working\database_30AC_8C0F_AC8B_CDB2\fsr.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Messenger\brucehasson@hotmail.com\SharingMetadata\Working\database_30AC_8C0F_AC8B_CDB2\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Messenger\brucehasson@hotmail.com\SharingMetadata\Working\database_30AC_8C0F_AC8B_CDB2\tmp.edb Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Windows Live Contacts\brucehasson@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\Microsoft\Windows Live Contacts\brucehasson@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Application Data\SupportSoft\DellSupportCenter\Kim Hasson\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\temp\~DF59FF.tmp Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\temp\~DF77FC.tmp Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\temp\~DF84FA.tmp Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\temp\~DF88CB.tmp Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Kim Hasson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kim Hasson\ntuser.dat Object is locked skipped

C:\Documents and Settings\Kim Hasson\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\AIM6\Install-1.log Object is locked skipped

C:\Program Files\AIM6\Install.log Object is locked skipped

C:\Program Files\Coupons\Coupons.com.url Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG1.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG2.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG3.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG4.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG5.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG6.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG7.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\IRIMG8.JPG Object is locked skipped

C:\Program Files\Coupons\Uninstall\uninstall.dat Object is locked skipped

C:\Program Files\Coupons\Uninstall\uninstall.xml Object is locked skipped

C:\Program Files\Coupons\uninstall.exe Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\config.xml Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\WebIQEngine.dll Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\WebIQDialog.js Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\WebIQDialog.xsl Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\{0CC0A769-62A0-42C2-BBCB-AC1E0A431AEF}.html Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\{239FA5EF-8576-4507-BE6A-36C10F3E3DE3} Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\{34A4CD26-66A2-4632-B88D-D779ED0D30DD} Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\{88670D3E-B18E-4CBD-9629-73F4FE12444F}.html Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\{91AF3306-970C-47F1-8B57-2422B6DCAD91} Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\{BB20F482-BFCA-4CF0-9CAE-285545AF6955}.html Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{27FEE9EE-6FB9-4BAB-89FC-120E74AE9968}\{FAC28CA1-EEC6-4972-82F3-2163CD310CAD} Object is locked skipped

C:\Program Files\Usability Sciences\WebIQ Engine\{C8735613-CBFE-40C7-933E-C23904F012C9}.dll Object is locked skipped

C:\QooBox\Quarantine\C\Program Files\Helper\1203542430.dll.vir Infected: not-a-virus:AdWare.Win32.E404.i skipped

C:\QooBox\Quarantine\C\Program Files\NetProject\sbmdl.dll.vir Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\QooBox\Quarantine\C\Program Files\NetProject\sbmntr.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\QooBox\Quarantine\C\Program Files\NetProject\sbsm.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\QooBox\Quarantine\C\Program Files\NetProject\sbun.exe.vir Infected: Trojan-Downloader.Win32.Zlob.icm skipped

C:\QooBox\Quarantine\C\Program Files\NetProject\scit.exe.vir Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\QooBox\Quarantine\C\Program Files\NetProject\scm.exe.vir Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\QooBox\Quarantine\C\Program Files\NetProject\scu.exe.vir Infected: Trojan-Downloader.Win32.Zlob.icn skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wbchha.dll.vir Infected: Trojan-Downloader.Win32.Agent.jke skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1105\A0086575.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1124\A0088936.exe Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1124\A0088937.dll Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1124\A0088938.exe Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1124\A0088959.exe Infected: not-a-virus:FraudTool.Win32.VirusProtectPro.q skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1125\A0088982.exe Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1125\A0088983.dll Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1125\A0088984.exe Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1128\A0089402.exe Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1128\A0089403.dll Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1128\A0089404.exe Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1129\A0089441.exe Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1129\A0089442.dll Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1129\A0089443.exe Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1130\A0089474.exe Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1130\A0089475.dll Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1130\A0089476.exe Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1130\A0089499.dll Infected: Trojan-Downloader.Win32.Agent.jke skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1130\A0089560.dll Infected: not-a-virus:AdWare.Win32.E404.i skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1132\A0089681.dll Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1132\A0089682.exe Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1132\A0089683.exe Infected: Trojan-Downloader.Win32.Zlob.ibe skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1132\A0089684.exe Infected: Trojan-Downloader.Win32.Zlob.icm skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1132\A0089685.exe Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1132\A0089686.exe Infected: not-virus:Hoax.Win32.Gavec.n skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1132\A0089687.exe Infected: Trojan-Downloader.Win32.Zlob.icn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1135\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{9502A1EB-E389-4598-ACAF-D8BB4EC76984}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\vso\44304431.upd Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu10.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu102.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu102.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu102.tmp\vso\48474848.upm Object is locked skipped

C:\WINDOWS\Temp\mcu102.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\vso\en-us\us\vso.cab Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu103.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\vso\44374438.upd Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu111.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu12.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu12.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu12.tmp\vso\46994700.upm Object is locked skipped

C:\WINDOWS\Temp\mcu12.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vso\45294530.upd Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vso\45304531.upd Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vso\45314532.upd Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vso\45324533.upd Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vso\45334534.upd Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu13.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu14.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu14.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu14.tmp\vso\47054706.upm Object is locked skipped

C:\WINDOWS\Temp\mcu14.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu15.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu15.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu15.tmp\vso\47204721.upm Object is locked skipped

C:\WINDOWS\Temp\mcu15.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu17F.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu17F.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu17F.tmp\vso\46784679.upm Object is locked skipped

C:\WINDOWS\Temp\mcu17F.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu19.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu19.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu19.tmp\vso\47024703.upm Object is locked skipped

C:\WINDOWS\Temp\mcu19.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1A.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1A.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1A.tmp\vso\47274728.upm Object is locked skipped

C:\WINDOWS\Temp\mcu1A.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\44894490.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\44904491.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\44914492.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\44924493.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\44934494.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vso\en-us\us\vso.cab Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu1A6.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vso\45064507.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vso\45074508.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vso\45084509.upd Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu1C.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1C1.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1C1.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1C1.tmp\vso\46184619.upm Object is locked skipped

C:\WINDOWS\Temp\mcu1C1.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1D.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1D.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1D.tmp\vso\46904691.upm Object is locked skipped

C:\WINDOWS\Temp\mcu1D.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu1FD.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1FD.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1FD.tmp\vso\46174618.upm Object is locked skipped

C:\WINDOWS\Temp\mcu1FD.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\44894490.upd Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\44904491.upd Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\44914492.upd Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\44924493.upd Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\44934494.upd Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vso\en-us\us\vso.cab Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu2.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu20F.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu20F.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu20F.tmp\vso\45504551.upm Object is locked skipped

C:\WINDOWS\Temp\mcu20F.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu21B.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu21B.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu21B.tmp\vso\45864587.upm Object is locked skipped

C:\WINDOWS\Temp\mcu21B.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu237.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu237.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu237.tmp\vso\45834584.upm Object is locked skipped

C:\WINDOWS\Temp\mcu237.tmp\vso\45844585.upm Object is locked skipped

C:\WINDOWS\Temp\mcu237.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\vso\46754676.upm Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vso\45194520.upd Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vso\45204521.upd Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vso\45214522.upd Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vso\45224523.upd Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vso\45234524.upd Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu32.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vso\44994500.upd Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vso\45004501.upd Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vso\45014502.upd Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vso\45024503.upd Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vso\45034504.upd Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu35.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu378.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu378.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu378.tmp\vso\46194620.upm Object is locked skipped

C:\WINDOWS\Temp\mcu378.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu382.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu382.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu382.tmp\vso\45524553.upm Object is locked skipped

C:\WINDOWS\Temp\mcu382.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu393.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu393.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu393.tmp\vso\46204621.upm Object is locked skipped

C:\WINDOWS\Temp\mcu393.tmp\vso\46214622.upm Object is locked skipped

C:\WINDOWS\Temp\mcu393.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu3D.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu3D.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu3D.tmp\vso\45494550.upm Object is locked skipped

C:\WINDOWS\Temp\mcu3D.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu40B.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu40B.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu40B.tmp\vso\45544555.upm Object is locked skipped

C:\WINDOWS\Temp\mcu40B.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu54D.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu54D.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu54D.tmp\vso\46404641.upm Object is locked skipped

C:\WINDOWS\Temp\mcu54D.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu593.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu593.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu593.tmp\vso\46414642.upm Object is locked skipped

C:\WINDOWS\Temp\mcu593.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5BA.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5BA.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5BA.tmp\vso\46294630.upm Object is locked skipped

C:\WINDOWS\Temp\mcu5BA.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5CC.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5CC.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5CC.tmp\vso\46684669.upm Object is locked skipped

C:\WINDOWS\Temp\mcu5CC.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5DA.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5DA.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5DA.tmp\vso\46814682.upm Object is locked skipped

C:\WINDOWS\Temp\mcu5DA.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vso\44744475.upd Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vso\44754476.upd Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vso\44764477.upd Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vso\44774478.upd Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu5E.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5E7.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5E7.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5E7.tmp\vso\47034704.upm Object is locked skipped

C:\WINDOWS\Temp\mcu5E7.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\McAppIns.exe Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\mcuninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\Uninst.dll Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\uninst.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\VsCfgIns.dll Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vso\44824483.upd Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vso\44834484.upd Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vso\delta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vsocfg.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vsoins.cab Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vsoins.inf Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\vsoins.ui Object is locked skipped

C:\WINDOWS\Temp\mcu5F.tmp\VsoVer.ini Object is locked skipped

C:\WINDOWS\Temp\mcu5F6.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5F6.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu5F6.tmp\vso\47324733.upm Object is locked skipped

C:\WINDOWS\Temp\mcu5F6.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu611.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu611.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu611.tmp\vso\47254726.upm Object is locked skipped

C:\WINDOWS\Temp\mcu611.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu619.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu619.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu619.tmp\vso\47184719.upm Object is locked skipped

C:\WINDOWS\Temp\mcu619.tmp\vso\47194720.upm Object is locked skipped

C:\WINDOWS\Temp\mcu619.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu63D.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu63D.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu63D.tmp\vso\47554756.upm Object is locked skipped

C:\WINDOWS\Temp\mcu63D.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu6AA.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu6AA.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu6AA.tmp\vso\48254826.upm Object is locked skipped

C:\WINDOWS\Temp\mcu6AA.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu6BF.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu6BF.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu6BF.tmp\vso\48614862.upm Object is locked skipped

C:\WINDOWS\Temp\mcu6BF.tmp\vso\48624863.upm Object is locked skipped

C:\WINDOWS\Temp\mcu6BF.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu6EB.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu6EB.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu6EB.tmp\vso\48404841.upm Object is locked skipped

C:\WINDOWS\Temp\mcu6EB.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu703.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu703.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu703.tmp\vso\48484849.upm Object is locked skipped

C:\WINDOWS\Temp\mcu703.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu704.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu704.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu704.tmp\vso\46794680.upm Object is locked skipped

C:\WINDOWS\Temp\mcu704.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu70D.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu70D.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu70D.tmp\vso\46804681.upm Object is locked skipped

C:\WINDOWS\Temp\mcu70D.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu73A.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu73A.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu73A.tmp\vso\48494850.upm Object is locked skipped

C:\WINDOWS\Temp\mcu73A.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu747.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu747.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu747.tmp\vso\46844685.upm Object is locked skipped

C:\WINDOWS\Temp\mcu747.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu78C.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu78C.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu78C.tmp\vso\46964697.upm Object is locked skipped

C:\WINDOWS\Temp\mcu78C.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu7BB.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7BB.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7BB.tmp\vso\47364737.upm Object is locked skipped

C:\WINDOWS\Temp\mcu7BB.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu7BE.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7BE.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7BE.tmp\vso\47294730.upm Object is locked skipped

C:\WINDOWS\Temp\mcu7BE.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu7D9.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7D9.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7D9.tmp\vso\46704671.upm Object is locked skipped

C:\WINDOWS\Temp\mcu7D9.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu7DC.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7DC.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu7DC.tmp\vso\47334734.upm Object is locked skipped

C:\WINDOWS\Temp\mcu7DC.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu7F9.tmp\UpdReq.mcaf Object is locked skipped

C

booman · Answer 4 · 2008-02-29T23:53:07+00:00