sorry... took a while
Here is Kaspersky... below this is the new HijackThis report
KASPERSKY ONLINE SCANNER REPORT
03/02/2008 11:03:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/03/2008
Kaspersky Anti-Virus database records: 593624
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 123993
Number of viruses found 14
Number of infected objects 43
Number of suspicious objects 8
Duration of the scan process 03:39:58
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb41e33f0ae028a80d2940f6b9d8ad46_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6c3fc8e5696030685ccd912627dbc4e_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12132006-073706.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite58.zip/backWeb-8876480.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite58.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip/xpupdate.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry2.zip/xpupdate.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer2.zip/install.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip/msbb.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder4.zip/SpyShredder3.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder6.zip/SpyShredder0.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder8.zip/SpyShredder.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TwainTech.zip/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TwainTech.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar1.zip/Bin/4.8.4.0/SbCoreSrv.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar1.zip/Bin/4.8.4.0/SbHostIE.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar1.zip/Bin/4.8.4.0/SbHostOE.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar1.zip/Bin/4.8.4.0/SbHostOL.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar1.zip/Bin/4.8.4.0/SbToolbar.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar1.zip/SBTV/SBTVHelper.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar1.zip ZIP: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar10.zip/SbCoreSrv.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar11.zip/SbHostIE.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar12.zip/SbHostOE.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar2.zip/4.8.4.0/SbCoreSrv.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar2.zip/4.8.4.0/SbHostIE.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar2.zip/4.8.4.0/SbHostOE.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar2.zip/4.8.4.0/SbHostOL.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar2.zip/4.8.4.0/SbToolbar.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar2.zip ZIP: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar8.zip/SbCoreSrv.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar8.zip/SbHostIE.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar8.zip/SbHostOE.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar8.zip/SbHostOL.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar8.zip/SbToolbar.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoAntiSpamBar8.zip ZIP: infected - 5 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Deleted Items/03 Feb 2004 09:18 from manmusical9@hathway.com:MAIL TRANSACTION /document.exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Deleted Items/03 Feb 2004 16:04 from jupiter@econdata.com:test/body.zip/body.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Deleted Items/03 Feb 2004 16:04 from jupiter@econdata.com:test/body.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Deleted Items/03 Feb 2004 17:09 from Mail Delivery Subsystem:Returned mail: se/03 Feb 2004 17:09 from van.du@verizon.net:hello/text.zip/text.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/Deleted Items/03 Feb 2004 17:09 from Mail Delivery Subsystem:Returned mail: se/03 Feb 2004 17:09 from van.du@verizon.net:hello/text.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Mail MS Mail: infected - 5 skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5B8AF813-5032-4126-B306-0E1C7CB4BD57} Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Priyesh Negandhi\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\D2DCmdLog_D.log Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\D2DCmdLog_E.log Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Music\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Music\AlbumArt_{7CAC1284-A4F8-4C81-800F-2B1A506300D3}_Large.jpg Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Music\AlbumArt_{7CAC1284-A4F8-4C81-800F-2B1A506300D3}_Small.jpg Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Music\Folder.jpg Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\temp\PICT0001.AVI Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\temp\PICT0002.AVI Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\temp\PICT0003.AVI Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\temp\PICT0005.AVI Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\temp\PICT0006.AVI Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\temp\PICT0011.AVI Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Pictures\temp\Thumbs.db Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\Vandana Negandhi\My Documents\SnagIt Catalog\Studio.bmp Object is locked skipped
C:\Inetpub\catalog.wci\00000002.ps1 Object is locked skipped
C:\Inetpub\catalog.wci\00000002.ps2 Object is locked skipped
C:\Inetpub\catalog.wci\00010002.ci Object is locked skipped
C:\Inetpub\catalog.wci\cicat.fid Object is locked skipped
C:\Inetpub\catalog.wci\cicat.hsh Object is locked skipped
C:\Inetpub\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiP10000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiP20000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiST0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Inetpub\catalog.wci\INDEX.000 Object is locked skipped
C:\Inetpub\catalog.wci\propstor.bk1 Object is locked skipped
C:\Inetpub\catalog.wci\propstor.bk2 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps1 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps2 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\00010002.ci Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.fid Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.hsh Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk1 Object is locked skipped
C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk2 Object is locked skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\1A2BF137-FE6B-48AE-82AA-54CD84\DDC641DA-96DE-4F52-97D6-B3BC48 Infected: not-a-virus:AdWare.Win32.Background skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010008.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\brix6ie.ocx Infected: not-a-virus:AdWare.Win32.Coupons.b skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\SAIRAM.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F0A4D2A6-126D-414B-AAFB-17149298F3D0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\Logfiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\SYSTEM32\Logfiles\W3SVC1\ex080302.log Object is locked skipped
C:\WINDOWS\SYSTEM32\Logfiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_170.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_544.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT02eb7.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT02ef2.TMP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
THE NEW HIJACKTHIS REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:04 PM, on 03/02/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DellSupport\brkrsvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: WFMZ Online Desktop Alert.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?dd0abb3672944ef0b610fe2c26de53c6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?dd0abb3672944ef0b610fe2c26de53c6
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 8522 bytes