Random popups

Computing.Net > Forums > Security and Virus > Random popups

Computing.Net: Over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to sign up now, it's free!

Original Message

Name: kam
Date: February 24, 2008 at 11:11:27 Pacific
Subject: Random popups
OS: XP PROF
CPU/Ram: 240MB
Manufacturer/Model: AMD

Comment:

Msg for jabuck, pls help. I have been getting random popups one of them is online scanner. I done a VundoFix and it found about four threats.
You helped me last time.Thank you in advance.

Can nayone pls tell if my computer is infected. Log from Hijackthis as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:19, on 26/01/2008
Platform: Windows XP SP2 WinNT 5.

Report Offensive Message For Removal

Response Number 1

Name: jabuck
Date: February 24, 2008 at 11:25:41 Pacific

Reply:

This is the standard spill for vundo, realtime has to be disabled.
Go to the this link:
Disable Realtime Protection
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Please download Atribune's VundoFix.exe from the following site to your desktop:
Vundofix.exe

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files,
click "yes".
Once you click yes, your desktop will go blank as it starts removing
Vundo.
When completed, it will prompt that it will reboot your computer,
click "ok".
Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Please download ComboFix to the desktop from one of the following links:
Link1
Link 2
Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Report Offensive Follow Up For Removal

Response Number 2

Name: kam
Date: February 24, 2008 at 11:41:16 Pacific

Reply:

As requested.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:35, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {234F5CDA-B18B-457A-BEAB-0A9E5D2E8438} - C:\WINDOWS\system32\qopqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 2995 bytes

Can nayone pls tell if my computer is infected. Log from Hijackthis as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:19, on 26/01/2008
Platform: Windows XP SP2 WinNT 5.

Report Offensive Follow Up For Removal

Response Number 3

Name: jabuck
Date: February 24, 2008 at 15:00:59 Pacific

Reply:

Need the combofix log please.

Report Offensive Follow Up For Removal

Response Number 4

Name: kam
Date: February 25, 2008 at 11:49:48 Pacific

Reply:

jabuck
Sorry about the delay but I have done few fixes I dont know if everthing is ok now as I am not getting any pop ups.
Logfile of Trend Micro
HijackThis v2.0.2
Scan saved at 19:28:55, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 2605 bytes
ups.
Can nayone pls tell if my computer is infected. Log from Hijackthis as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:19, on 26/01/2008
Platform: Windows XP SP2 WinNT 5.

Report Offensive Follow Up For Removal

Response Number 5

Name: kam
Date: February 25, 2008 at 12:08:57 Pacific

Reply:

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.81 [GMT 0:00]
Running from: C:\Documents and Settings\Kamlesh\Local Settings\Temporary Internet Files\Content.IE5\UQ87GNXJ\ComboFix[1].exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-25 22:40 . 2008-02-25 22:40 <DIR> d-------- C:\Program Files\uTorrent
2008-02-25 22:40 . 2008-02-25 22:47 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\uTorrent
2008-02-24 16:37 . 2008-02-24 16:47 294 ---hs---- C:\WINDOWS\system32\krqkycum.ini
2008-02-23 16:05 . 2008-02-23 16:05 0 --a------ C:\HCT645.tmp
2008-02-23 16:05 . 2008-02-23 16:05 0 --a------ C:\HCT644.tmp
2008-02-23 15:06 . 2008-02-24 19:13 <DIR> d-------- C:\VundoFix Backups
2008-02-21 02:10 . 2008-02-23 01:58 <DIR> d-------- C:\Program Files\CCleaner
2008-02-21 02:09 . 2008-02-21 02:09 2,733,928 --a------ C:\pmtimer.exe
2008-02-21 01:59 . 2008-02-21 02:03 <DIR> d-------- C:\Program Files\Water Desktop
2008-02-20 23:14 . 2008-02-20 23:14 9,733,451 --a------ C:\vlc-0.8.6d-win32.exe
2008-02-20 11:56 . 2004-08-04 12:00 2,180,992 --a------ C:\WINDOWS\system32\LOGOOS.EXE
2008-02-20 11:56 . 2008-01-25 23:33 211 --a------ C:\BOOT.BXP
2008-02-19 20:38 . 2008-02-19 20:38 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-02-17 13:44 . 2008-02-17 13:50 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-02-11 20:53 . 2008-02-11 20:53 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-11 20:49 . 2008-02-11 20:55 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-10 16:40 . 2008-02-10 16:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-02-05 23:10 . 2008-02-06 15:58 1,956 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-02 22:13 . 2008-02-19 13:22 80 --a------ C:\WINDOWS\webica.ini
2008-02-02 22:10 . 2008-02-02 22:16 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\ICAClient
2008-02-02 09:39 . 2008-02-02 09:39 <DIR> d-------- C:\Documents and Settings\Bhagyashree\Application Data\Webroot
2008-02-02 09:38 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-01 20:26 . 2008-02-01 20:25 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-01 20:26 . 2008-02-01 20:25 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-02-01 20:26 . 2008-02-01 20:25 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-01 20:00 . 2008-02-01 20:00 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot
2008-02-01 20:00 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-01 20:00 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-01 20:00 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-01 20:00 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-01 19:59 . 2008-02-01 19:59 <DIR> d-------- C:\Program Files\Webroot
2008-02-01 19:59 . 2008-02-01 19:59 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\Webroot
2008-02-01 19:59 . 2008-02-01 19:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-02-01 19:59 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-01 19:41 . 2008-02-01 19:59 164 --a------ C:\install.dat
2008-01-31 20:29 . 2008-02-24 16:03 202 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-31 20:25 . 2008-01-31 21:04 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\Ahead
2008-01-31 20:16 . 2004-09-13 12:17 2,146,304 --------- C:\WINDOWS\UNNMP.exe
2008-01-31 20:16 . 2004-09-24 08:59 52,502 --------- C:\WINDOWS\UNNMP.cfg
2008-01-31 20:10 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-31 19:58 . 2004-07-26 17:09 2,023,424 --------- C:\WINDOWS\UNNeroVision.exe
2008-01-31 19:58 . 2004-09-24 08:59 122,326 --------- C:\WINDOWS\UNNeroVision.cfg
2008-01-31 19:58 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-01-31 19:57 . 2008-01-31 19:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-01-31 19:57 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-31 19:57 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-31 19:57 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-31 19:57 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-01-31 19:57 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-31 19:57 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-31 19:57 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-01-31 19:55 . 2008-01-31 20:16 <DIR> d-------- C:\Program Files\Ahead
2008-01-30 22:25 . 2008-02-26 19:39 55,124,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 22:25 . 2008-02-26 16:31 646,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-30 22:23 . 2008-01-30 22:23 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-01-30 22:21 . 2008-01-30 22:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-01-30 22:21 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-30 22:21 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-01-30 22:21 . 2008-01-30 22:23 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-30 22:20 . 2008-01-30 22:20 <DIR> d-------- C:\Program Files\Zone Labs
2008-01-30 19:02 . 2008-01-30 19:53 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\Comodo
2008-01-30 19:02 . 2008-01-30 19:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
2008-01-29 19:49 . 2008-01-29 19:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-01-29 17:47 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 22:54 . 2005-08-25 18:19 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-01-28 22:54 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-28 22:53 . 2008-02-24 19:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 20:17 . 2008-02-23 00:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-27 14:41 . 2008-01-27 16:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-27 01:20 . 2008-01-27 01:20 2,048 --a------ C:\WINDOWS\system32\drivers\827BD257-2591-4D77-AF00-2C050F4F34EF.cxv
2008-01-27 00:32 . 2008-01-27 00:32 294 ---hs---- C:\WINDOWS\system32\pwsktxkw.ini
2008-01-27 00:08 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-27 00:00 . 2008-01-27 00:00 1,024 --a------ C:\WINDOWS\system32\drivers\9373A663-0E91-4822-A846-F27B91040828.cxv
2008-01-26 23:54 . 2008-01-26 23:54 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-26 23:54 . 2008-01-27 14:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-01-26 23:24 . 2008-01-26 23:24 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\STOPzilla!
2008-01-26 22:10 . 2008-02-18 13:14 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-26 20:28 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-26 20:28 . 2005-07-06 17:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-26 20:28 . 2005-07-06 17:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-26 12:43 . 2008-01-26 12:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 12:05 . 2008-01-26 12:05 373 --a------ C:\WINDOWS\wininit.ini
2008-01-26 11:30 . 2008-01-27 00:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-26 11:18 . 2008-01-26 11:18 <DIR> d-------- C:\Program Files\Defraggler
2008-01-26 11:03 . 2008-01-26 11:03 <DIR> d---s---- C:\Documents and Settings\Kamlesh\UserData
2008-01-26 02:39 . 2008-01-26 02:39 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\vlc
2008-01-26 00:57 . 2008-01-26 00:57 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\ESET
2008-01-26 00:53 . 2008-02-24 16:05 <DIR> d-------- C:\Program Files\ESET
2008-01-26 00:53 . 2008-01-26 00:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 23:54 2,192,896 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-19 23:21 22,528 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-19 23:21 1,476,096 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-19 23:20 561,664 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-19 23:20 1,476,096 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-19 22:05 151,040 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-19 22:05 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-19 19:32 1,773,056 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-19 19:32 1,474,048 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-19 00:17 1,471,488 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-18 20:07 391,168 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-18 20:07 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-18 13:33 1,475,072 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-18 12:19 1,452,544 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-18 12:19 1,431,552 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-17 15:46 2,526,208 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-17 08:11 2,664,448 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-08 14:33 --------- d-----w C:\Program Files\Google
2008-02-07 21:28 2,928,640 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-29 17:47 --------- d-----w C:\Program Files\Java
2008-01-27 18:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-26 13:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-28 20:44 --------- d-----w C:\Program Files\VideoLAN
2007-12-28 19:15 --------- d-----w C:\Program Files\Common Files\LightScribe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-30 22:23 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-01 20:25 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-21 23:21 39792]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 19:38:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-26 19:41:25
ComboFix2.txt 2008-02-25 22:13:23
ComboFix3.txt 2008-01-27 18:37:50

Can nayone pls tell if my computer is infected. Log from Hijackthis as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:19, on 26/01/2008
Platform: Windows XP SP2 WinNT 5.

Report Offensive Follow Up For Removal


firefox random popups random popups come up internet running slow and random popups ran antivirus and didnt fix	desktop icons gone taskbar doesn't show up random popups random popup ads random popups

Response Number 6

Name: jabuck
Date: February 25, 2008 at 14:53:39 Pacific

Reply:

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\krqkycum.ini
C:\HCT645.tmp
C:\HCT644.tmp
C:\WINDOWS\system32\pwsktxkw.ini

Folder::
C:\VundoFix Backups

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Post a new Combofix log.

Report Offensive Follow Up For Removal

Response Number 7

Name: kam
Date: February 26, 2008 at 11:10:42 Pacific

Reply:

Thank You jabuck
logs as requested
---------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 27, 2008 7:05:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/02/2008
Kaspersky Anti-Virus database records: 581907
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 55931
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 03:56:34
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Kamlesh\Application Data\Webroot\Spy Sweeper\Logs\080227134427.ses Object is locked skipped
C:\Documents and Settings\Kamlesh\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kamlesh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kamlesh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kamlesh\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kamlesh\Local Settings\History\History.IE5\MSHist012008022720080228\index.dat Object is locked skipped
C:\Documents and Settings\Kamlesh\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kamlesh\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kamlesh\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS01B467BE-0864-4B13-A7F0-25D8FDA5B376.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS052F7283-AB43-45BA-951D-B22E7A650037.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS088C80EF-B47F-4B9A-9A3D-D772379B00D9.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS09AE20FB-43D6-4711-B01B-3F1A4D51ADDC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS0E498E7C-B62B-4FA2-BA1C-69169A8E7D15.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS116A3B35-B6BB-4A6C-A60C-98A34D04E7CF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS150A3A43-9648-4E48-9441-606C63FDE1F4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS168FC979-8BA3-41EB-BAD0-FDAF402A2606.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS16FDDE03-7116-4A0E-BED5-BD43993C0DA3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS1C5234E0-9601-465E-A2DE-9FD3DCE2D1F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS220D8A50-5F66-4EAA-BA88-2FEE59C73645.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS23488FFF-9528-42F9-91E1-38CCA13D28A1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS2369582B-917A-4937-8B4D-C332A725AC3F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS257F2F94-1669-44B8-983F-899CB5C9800A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS27B52B80-CF4B-4A88-A072-1183456098A5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS295EF185-3C4E-460C-9CF9-C0DAAB50D810.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS2B11BD03-25A5-4E41-BB98-629AEAB32F5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS31EDBE4C-8C66-4512-9315-1FF006104766.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS33044D65-1565-452D-841C-5142C8DBCD4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS3369CAAE-6114-41BB-8D19-9C0FC4105471.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS33DBA544-204D-4CF4-81D4-4E5B9ECB7DE7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS34CA9441-CDF1-4D0C-B4DB-7F0366AA64E0.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS38A21727-692B-41CF-8176-097907FB0979.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS39BE8A45-0F60-4608-B912-27538C87911B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS3B1C00D1-4C7A-4DC8-9598-E4880885FBE3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS3D659677-89A0-4457-BACB-2A13B5723B01.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS3DF6F276-6723-4455-9D90-D121B9B95649.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F125B26-DF24-4BBE-B3CB-2413103F9523.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS42CF34F0-6976-4EE6-819E-4CE3A1884A5C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS441A2121-A7C6-4674-8301-E65413DFBD2B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS486731EB-A40D-45A4-B129-362EB0515AAF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS4ADBB91C-F6E6-4CBF-8014-4544272A19E6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS4B136230-8559-4F5B-A069-BF3BD8B2EE57.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS501276C4-7EB6-462C-B53F-B933BAE8F30B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS50D708CD-29F6-4D07-A875-B55DA0CA1FD4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS532CCCC7-3BC1-4A2A-BF1C-B7653FAD1BDF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS57B18838-B033-4FC0-A4D2-14E21A3E2030.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS6459ADDC-4D25-499A-91DC-B1F91374468A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS65EED2BC-6090-4D86-869F-95A6CD266BA0.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS67307F00-CA7C-4F2E-9400-0B07B6ED3F7E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS6D8C8323-5A09-45B7-BDA0-A372CE4B6A88.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS6DE7C3D8-1529-4275-846A-5813C82467EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS73D4C711-B27C-40EC-A6AD-9C91501AD7F7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS751B68C7-EC1E-4A95-969D-07537E3337BE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS75F41FF2-BDEC-408A-BEEC-2BD4F55D033C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS76ADBD43-8066-46F4-B52B-5924C0B5A9DD.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS77338F80-CD09-4FD8-AA19-F8D5492F78E7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS7C94B13F-20C5-43CF-9FD6-80647765E8A6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS87A0202B-085F-45DF-9754-9E9AE64E8F22.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS9098B5BE-75E2-4737-8BD0-F43CBAAD1CDE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS96294C11-C469-4961-8B47-84F696B92F8C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS96422432-8268-404E-8D3F-0D046EED0D50.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS975C8F73-DCE8-489B-AC81-EE3650D89AC5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS9B13954C-8736-4E5E-B73B-8721122BEEFA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMS9F641749-D088-43F3-9871-6104BC455A28.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSA16C2F46-E274-41F6-9188-DAFCCDF9CA6F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSA1E8B8C7-B3DC-4227-AB5F-B095F86E031D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSA45E005F-7819-4883-9ACF-2B8C564D1E25.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSAD00CF96-4B98-4EB8-AC37-5667159CAC3A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSAF0B59B8-37AA-4358-9515-2B85321E4981.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSB2A52443-EBFF-4B9F-A523-303FE89C862D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSB7340B80-3DCD-46C5-895E-D888505B681D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSB90DB8DE-550C-4AA1-9020-3B9359279A9E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSB9591F6B-C23F-4B7F-B166-876FAF6700AC.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSC98E1E12-0701-4A07-8C63-C3AD9E4DE76E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSCC2B0D23-27FA-4806-B482-C4F262B6068A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCDFEEA5-A5DE-4D64-A130-E98ED24BD8AD.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCF68973-73F4-41C0-8035-0DBDA983F913.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSCDCF6A14-6E6C-4CB5-B120-19EBE0EB4E66.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSD36A2383-AF28-4EB4-8591-57ED8911126B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSD46964F4-EE1B-4DBD-86DD-563652CA10D3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSD6872724-7383-4B9F-BA36-DA0480D81A5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSD9DFD8DB-0BB1-44BA-8BB8-A96D998EC649.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSDECFC6C5-5023-4593-B668-229F10C0CF4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSDFB30CB1-D6BB-40D3-984D-CC7BBE392DFA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSE102D84A-673D-4CD6-AECA-B9B2A2B75CAE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSE23BE4C3-A534-4B3A-8905-DD7A9CDDE36C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSE2633C47-3794-4F83-8F70-84FC42CC955C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSE3B27541-CCEC-49B0-AEB1-0960B0E18602.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSE5C06C65-E917-45B3-9677-B69E7DB45D65.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSEC53E06F-9EBC-4F09-9B6C-5C3CBFE972DF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSEDB5E80B-68F6-4346-B31C-36E183BB86D9.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSF00E4FDB-4414-4073-81FA-FB6907BC2EF1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSF47EE49F-1150-499D-AF27-0C6610310E96.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSF4F42FEC-5D88-431A-A12F-A0622A554EA7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSF5EA7B5F-D120-449C-8D2F-2228364FCF8F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSF6E1FABC-8EA9-4E8B-88B4-5E16F56A4293.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSF8EFA29B-B308-47D8-8F4D-E9A862322273.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot\Spy Sweeper\Temp\SSMSFF3BB421-E439-4ED0-8AA5-4140CB97FCC6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.005\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.005\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.005\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.005\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.005\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Internet Explorer\zyrolyb.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\_restore{D7483350-46E8-4C03-8A16-06E3109AC16C}\RP52\change.log Object is locked skipped
C:\Users\Administrator\Application Data\Adobe\Photoshop Album\3.2\Logse30.txt Object is locked skipped
C:\Users\Administrator\Application Data\Ahead\Nero Burning ROM\NeroHistory.log Object is locked skipped
C:\Users\Administrator\Application Data\Ahead\Nero Burning ROM\UserImages.bmp Object is locked skipped
C:\Users\Administrator\Application Data\Ahead\NeroVision\Direct3D.log Object is locked skipped
C:\Users\Administrator\Application Data\desktop.ini Object is locked skipped
C:\Users\Administrator\Application Data\ICAClient\APPSRV.INI Object is locked skipped
C:\Users\Administrator\Application Data\ICAClient\UISTATE.INI Object is locked skipped
C:\Users\Administrator\Application Data\ICAClient\wfcwin32.log Object is locked skipped
C:\Users\Administrator\Application Data\Leadertech\PowerRegister\PowerReg.dat Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\2mdn.net\usuallyx728182007.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\adtraff.com\p9rt5y0u.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\akimages.metacafe.com\MetacafeFlashVideoPlayer.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\flash.ngfiles.com\bytesize\bytesize_viewer.swf\bytesize.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\pennyweb.com\unitIill7281382007.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\track.webgains.com\wg.swf\231.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\vidmax.com\com.jeroenwijering.players.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.bbc.co.uk\mediaplayer.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.livevideo.com\flvplayer\flvplayer.swf\UserVolume.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.pkr.com\flash\homepage_07_09_2007.swf\pkr.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.pornhub.com\videoplayer.swf\agriya_flv.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.yourfilehost.com\flash\flvplayer4.swf\UserVolume.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.yourfilehost.com\flash\flvplayer5-inline-ad.swf\UserVolume.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.youtube.com\soundData.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.youtube.com\timeDisplayConfig.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\WLGBM993\www.youtube.com\videostats.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#2mdn.net\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adtraff.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#akimages.metacafe.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.ngfiles.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pennyweb.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#track.webgains.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vidmax.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.bbc.co.uk\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.livevideo.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pkr.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pornhub.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.yourfilehost.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Address Book\Administrator.wab Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Address Book\Administrator.wab~ Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Credentials\S-1-5-21-861567501-706699826-1060284298-500\Credentials Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\6C68A73125F3238F044A8115D96841B6 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\6C68A73125F3238F044A8115D96841B6 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-861567501-706699826-1060284298-500\6b29ae44e85efac3c72ff4d1865d73f1_cd2176fb-e4b0-43c0-b186-a2625fb95a48 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-861567501-706699826-1060284298-500\83874c3235353d24ea537647df9aca64_cd2176fb-e4b0-43c0-b186-a2625fb95a48 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Document Building Blocks\1033\Building Blocks.dotx Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\Groove12.pip Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\MSO2057.acl Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\MSO3081.acl Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\OneNot12.pip Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\Recent\Desktop.LNK Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\Recent\New Microsoft Office Word Document.LNK Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Office\Word12.pip Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\OneNote\12.0\Preferences.dat Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Protect\S-1-5-21-861567501-706699826-1060284298-500\0331d2f5-b70f-475c-a4ff-f50d6551315e Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Protect\S-1-5-21-861567501-706699826-1060284298-500\80947891-e8ad-4fba-9453-a2c72142d1c6 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Protect\S-1-5-21-861567501-706699826-1060284298-500\e5cb09d6-c188-4ecf-8b18-03df15ea610d Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Protect\S-1-5-21-861567501-706699826-1060284298-500\Preferred Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Templates\OneNote Table Of Contents.onetoc2 Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\UProof\CUSTOM.DIC Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\UProof\ExcludeDictionaryEN0809.lex Object is locked skipped
C:\Users\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\56\26305a78-77c2bad3 Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\56\26305a78-77c2bad3.idx Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\59\7cbb1c3b-51280475 Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\59\7cbb1c3b-51280475.idx Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\63\6a80083f-698b8647 Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\63\6a80083f-698b8647.idx Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\Deployment\security\auth.dat Object is locked skipped
C:\Users\Administrator\Application Data\Sun\Java\jre1.6.0_01\jre1.6.0_01.msi Object is locked skipped
C:\Users\Administrator\Application Data\Symantec\Shared\MyProfile.UserProfile Object is locked skipped
C:\Users\Administrator\Application Data\Symantec\Shared\Sessions\20070830123040831.liveReg Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\(27 Dec) Today's 2 Amazing Wallpapers @ Desktop-it (90-91) (desktop-it.blogspot.com).torrent Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\dht.dat Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\dht.dat.old Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\Income for Beginners.pdf.torrent Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\NAV2007xp&vista 10years keygen.-galedo.torrent Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\resume.dat Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\resume.dat.old Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\settings.dat Object is locked skipped
C:\Users\Administrator\Application Data\uTorrent\settings.dat.old Object is locked skipped
C:\Users\Administrator\Cookies\desktop.ini Object is locked skipped
C:\Users\Administrator\Cookies\index.dat Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@2008-version[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@207.67.9[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@a.cricinfo[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@activewin.us.intellitxt[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@ad.yieldmanager[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@ads.ookla[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@adverts.digitalspy.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@adz.afterdawn[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@afp.google[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@africa.reuters[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@afterdawn.us.intellitxt[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@afterdawn[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@answers.yahoo[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@ask[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@automatedhome.co[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@avforums[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@bbc.co[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@bbs.adslguide.org[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@bearshare[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@bittorrent[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@bittorrent[3].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@blog.mininova[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@bluewhaleweb[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@bundleway[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@cableforum.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@cablehell.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@clickaider[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@clickbank[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@content-usa.cricinfo[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@content-www.cricinfo[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@cricbuzz[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@cricinfo[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@digitalspy.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@discuss.extremetech[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@esearchvision[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@ezinearticles[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@forum.digitalspy.co[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@forum.doom9[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@forum.mininova[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@forums.afterdawn[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@gameon.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@google.co[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@google[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@go[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@infodownloader.blogspot[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@kaotic[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@kontera[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@m.webtrends[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@majorgeeks.us.intellitxt[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@majorgeeks[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@matoumba[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@microsoft[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@mininova[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@mobilefun.co[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@nero[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@office.microsoft[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@onlinestores.metaservices.microsoft[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@p.reuters[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@partypoker[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@pcauthorities[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@photobucket[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@plentyoftorrents[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@poromenos[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@quantserve[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@reuters[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@s211.photobucket[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@sc.intellitxt[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@searching.co[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@secure.signupsecurity[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@snap2it.ntl[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@speakeasy[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@speedtest[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@statcounter[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@theeldergeek.us.intellitxt[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@thinkbroadband[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@torrentreactor[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@tracker.torrentportal[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@uk.reuters[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@utorrent[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@virginmedia[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.bearshare[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.bittorrent[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.comptechlib[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.cricbuzz[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.digitalspy.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.eclipsecomputers[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.forum.digitalspy.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.googleadservices[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.googleadservices[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.googleadservices[3].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.googleadservices[4].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.googleadservices[5].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.humoron[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.matoumba[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.matoumba[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.matoumba[3].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.microsoft[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.mininova[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.mobilefun.co[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.poromenos[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.searching.co[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.theeldergeek[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.torrentreactor[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.trendsecure[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.virginmedia[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www.warezquality[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@www3.addfreestats[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@wyzo[2].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@yahoo[1].txt Object is locked skipped
C:\Users\Administrator\Cookies\kamlesh@youtube[1].txt Object is locked skipped
C:\Users\Administrator\default.pls Object is locked skipped
C:\Users\Administrator\Desktop\ExtremeTech Discussions - 169. IP Address Help.url Object is locked skipped
C:\Users\Administrator\Desktop\Internet Explorer.lnk Object is locked skipped
C:\Users\Administrator\Desktop\MajorGeeks.com - Download Freeware and Shareware Computer Utilities..url Object is locked skipped
C:\Users\Administrator\Desktop\MetaFrame XP Login.url Object is locked skipped
C:\Users\Administrator\Desktop\MP3 Torrent Downloader, Free Games Downloads, Software Downloads and Downloads for Mobile Phones at CNET.co.uk.url Object is locked skipped
C:\Users\Administrator\Desktop\New Microsoft Office Word Document.docx Object is locked skipped
C:\Users\Administrator\Desktop\Outlook Express.lnk Object is locked skipped
C:\Users\Administrator\Desktop\RVM.url Object is locked skipped
C:\Users\Administrator\Desktop\SpywareBlaster.lnk Object is locked skipped
C:\Users\Administrator\Desktop\Windows Media Player.lnk Object is locked skipped
C:\Users\Administrator\Desktop\µTorrent.lnk Object is locked skipped
C:\Users\Administrator\Favorites\Desktop.ini Object is locked skipped
C:\Users\Administrator\Favorites\Links\Customize Links.url Object is locked skipped
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url Object is locked skipped
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url Object is locked skipped
C:\Users\Administrator\Favorites\Microsoft Websites\Marketplace.url Object is locked skipped
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url Object is locked skipped
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped
C:\Users\Administrator\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Adobe\Updater5\aum.log Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\.thumbnails\fail\763c011591935ef2e9276fe4977ed31a.jpeg Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\.thumbnails\fail\99de9783c72a33749fff46e354d6611e.jpeg Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\.thumbnails\fail\ad2e27ba6628c1ee12326a4c6cf07462.jpeg Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\crawlercfg.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\deletable Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\segments Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_13.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_13.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_1i.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_1i.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_2f.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_2f.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_3a.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_3a.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_5c.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_5c.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_b.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_b.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_gk.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_gk.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_h3.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_h3.del Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_hh.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_p.cfs Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\SID.db Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\SII.db Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero Home\TVDatabase.db Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero StartSmart\cache\ext.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Ahead\Nero StartSmart\cache\nrm.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Identities\{A2FDE658-9B3A-4799-9B92-7A0BCB5DED8F}\Microsoft\Outlook Express\Deleted Items.dbx Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Identities\{A2FDE658-9B3A-4799-9B92-7A0BCB5DED8F}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Identities\{A2FDE658-9B3A-4799-9B92-7A0BCB5DED8F}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Identities\{A2FDE658-9B3A-4799-9B92-7A0BCB5DED8F}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Identities\{A2FDE658-9B3A-4799-9B92-7A0BCB5DED8F}\Microsoft\Outlook Express\Outbox.dbx Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Identities\{A2FDE658-9B3A-4799-9B92-7A0BCB5DED8F}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Identities\{A2FDE658-9B3A-4799-9B92-7A0BCB5DED8F}\Microsoft\Outlook Express\Sent Items.dbx Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\5WF2ECQB\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\5WF2ECQB\fwlink[1] Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\M301F3EU\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\M301F3EU\fwlink[1] Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\P3ER0KCZ\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\WB3T1P2R\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_0.wmdb Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Office\ONetConfig\d297bbb34242da50caa3cf452a9e5163.sig Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Office\ONetConfig\d297bbb34242da50caa3cf452a9e5163.xml Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\OneNote 2007 Guide\Getting Started with OneNote.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\OneNote 2007 Guide\More Cool Features.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Personal Notebook\Books, movies, and music.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Personal Notebook\Miscellaneous.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Personal Notebook\Personal information.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Personal Notebook\Recipes.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Personal Notebook\Shopping.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Personal Notebook\To do.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Personal Notebook\Travel.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Unfiled Notes\Unfiled Notes.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Work Notebook\Meeting notes.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Work Notebook\Miscellaneous.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Work Notebook\Planning.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Work Notebook\Project A.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Work Notebook\Project B.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Work Notebook\Research.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\Backup\Work Notebook\Travel.one (On 06-12-2007).one Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\OneNote\12.0\OneNoteOfflineCache.onecache Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.DTD Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.XML Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Wyzo\Data\Profiles\v57m3h18.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Wyzo\Data\Profiles\v57m3h18.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Wyzo\Data\Profiles\v57m3h18.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Wyzo\Data\Profiles\v57m3h18.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Wyzo\Data\Profiles\v57m3h18.default\XPC.mfl Object is locked skipped
C:\Users\Administrator\Local Settings\Application Data\Wyzo\Data\Profiles\v57m3h18.default\XUL.mfl Object is locked skipped
C:\Users\Administrator\Local Settings\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\History\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Users\Administrator\Local Settings\History\History.IE5\MSHist012007111920071126\index.dat Object is locked skipped
C:\Users\Administrator\Local Settings\History\History.IE5\MSHist012007112620071203\index.dat Object is locked skipped
C:\Users\Administrator\Local Settings\History\History.IE5\MSHist012007120520071206\index.dat Object is locked skipped
C:\Users\Administrator\Local Settings\History\History.IE5\MSHist012007120620071207\index.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Temp\netfxupdate.log Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\addfavorites[1].jpg Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\ads[1] Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\ads[1].htm Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\astracker[1].js Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\bkg_gls_lt[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CA81ZREO Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CA9SY6DK Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CA9UD6VG Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAA123EU Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CABOJH1D Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAFRZBHA Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAGOGBUP Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAHN5ICL Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAJT78EK Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\calendar[1] Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAMN68NS Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAPPJ9L9 Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAYMDRG4 Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAYU7YEL Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\CAZFC037 Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\check_wht[1] Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\comp8[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\ContentLink[1].htm Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\DD[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\desktop.ini Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\ea_marketplace[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\ea_nav_authors[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\ea_search[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\George-Chamoun_7591[1].jpg Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\google.co[1].htm Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\KonaGet[1].htm Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\KonaLibBaseRM[1].js Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\mynewsgator[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\myyahoo[1].gif Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\postratings-js[1].js Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\record[1].php Object is locked skipped
C:\Users\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3IKD9TA9\RedirectEngine[1] Object is locked skipped
C:\Users\Admi

Report Offensive Follow Up For Removal

Response Number 8

Name: kam
Date: February 26, 2008 at 11:19:20 Pacific

Reply:

ComboFix 08-02-25.3 - Kamlesh 2008-02-27 14:23:11.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.64 [GMT 0:00]
Running from: C:\Documents and Settings\Kamlesh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kamlesh\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\HCT644.tmp
C:\HCT645.tmp
C:\WINDOWS\system32\krqkycum.ini
C:\WINDOWS\system32\pwsktxkw.ini
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-26 21:15 . 2008-02-26 21:37 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\LimeWire
2008-02-21 02:10 . 2008-02-23 01:58 <DIR> d-------- C:\Program Files\CCleaner
2008-02-21 02:09 . 2008-02-21 02:09 2,733,928 --a------ C:\pmtimer.exe
2008-02-21 01:59 . 2008-02-21 02:03 <DIR> d-------- C:\Program Files\Water Desktop
2008-02-20 23:14 . 2008-02-20 23:14 9,733,451 --a------ C:\vlc-0.8.6d-win32.exe
2008-02-20 11:56 . 2004-08-04 12:00 2,180,992 --a------ C:\WINDOWS\system32\LOGOOS.EXE
2008-02-20 11:56 . 2008-01-25 23:33 211 --a------ C:\BOOT.BXP
2008-02-19 20:38 . 2008-02-19 20:38 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-02-17 13:44 . 2008-02-17 13:50 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-02-11 20:53 . 2008-02-11 20:53 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-11 20:49 . 2008-02-11 20:55 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-10 16:40 . 2008-02-10 16:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-02-05 23:10 . 2008-02-06 15:58 1,956 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-02 22:13 . 2008-02-19 13:22 80 --a------ C:\WINDOWS\webica.ini
2008-02-02 22:10 . 2008-02-02 22:16 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\ICAClient
2008-02-02 09:39 . 2008-02-02 09:39 <DIR> d-------- C:\Documents and Settings\Bhagyashree\Application Data\Webroot
2008-02-02 09:38 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-01 20:26 . 2008-02-01 20:25 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-01 20:26 . 2008-02-01 20:25 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-02-01 20:26 . 2008-02-01 20:25 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-01 20:00 . 2008-02-01 20:00 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.005\Application Data\Webroot
2008-02-01 20:00 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-01 20:00 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-01 20:00 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-01 20:00 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-01 19:59 . 2008-02-01 19:59 <DIR> d-------- C:\Program Files\Webroot
2008-02-01 19:59 . 2008-02-01 19:59 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\Webroot
2008-02-01 19:59 . 2008-02-01 19:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-02-01 19:59 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-01 19:41 . 2008-02-01 19:59 164 --a------ C:\install.dat
2008-01-31 20:29 . 2008-02-24 16:03 202 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-31 20:25 . 2008-01-31 21:04 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\Ahead
2008-01-31 20:16 . 2004-09-13 12:17 2,146,304 --------- C:\WINDOWS\UNNMP.exe
2008-01-31 20:16 . 2004-09-24 08:59 52,502 --------- C:\WINDOWS\UNNMP.cfg
2008-01-31 20:10 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-31 19:58 . 2004-07-26 17:09 2,023,424 --------- C:\WINDOWS\UNNeroVision.exe
2008-01-31 19:58 . 2004-09-24 08:59 122,326 --------- C:\WINDOWS\UNNeroVision.cfg
2008-01-31 19:58 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-01-31 19:57 . 2008-01-31 19:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-01-31 19:57 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-31 19:57 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-31 19:57 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-31 19:57 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-01-31 19:57 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-31 19:57 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-31 19:57 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-01-31 19:55 . 2008-01-31 20:16 <DIR> d-------- C:\Program Files\Ahead
2008-01-30 22:25 . 2008-02-27 14:30 55,439,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 22:25 . 2008-02-26 23:09 649,868 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-30 22:23 . 2008-01-30 22:23 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-01-30 22:21 . 2008-01-30 22:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-01-30 22:21 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-30 22:21 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-01-30 22:21 . 2008-01-30 22:23 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-30 22:20 . 2008-01-30 22:20 <DIR> d-------- C:\Program Files\Zone Labs
2008-01-30 19:02 . 2008-01-30 19:53 <DIR> d-------- C:\Documents and Settings\Kamlesh\Application Data\Comodo
2008-01-30 19:02 . 2008-01-30 19:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
2008-01-29 19:49 . 2008-01-29 19:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-01-29 17:47 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 22:54 . 2005-08-25 18:19 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-01-28 22:54 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-28 22:53 . 2008-02-26 20:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 20:17 . 2008-02-23 00:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-27 14:41 . 2008-01-27 16:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-27 01:20 . 2008-01-27 01:20 2,048 --a------ C:\WINDOWS\system32\drivers\827BD257-2591-4D77-AF00-2C050F4F34EF.cxv
2008-01-27 00:08 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-27 00:00 . 2008-01-27 00:00 1,024 --a------ C:\WINDOWS\system32\drivers\9373A663-0E91-4822-A846-F27B91040828.cxv
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 13:43 1,286,618 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-24 16:05 --------- d-----w C:\Program Files\ESET
2008-02-20 23:54 2,192,896 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-19 23:21 22,528 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-19 23:21 1,476,096 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-19 23:20 561,664 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-19 23:20 1,476,096 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-19 22:05 151,040 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-19 22:05 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-19 19:32 1,773,056 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-19 19:32 1,474,048 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-19 00:17 1,471,488 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-18 20:07 391,168 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-18 20:07 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-18 13:33 1,475,072 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-18 13:14 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-02-18 12:19 1,452,544 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-18 12:19 1,431,552 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-17 15:46 2,526,208 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-17 08:11 2,664,448 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-08 14:33 --------- d-----w C:\Program Files\Google
2008-02-07 21:28 2,928,640 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-29 17:47 --------- d-----w C:\Program Files\Java
2008-01-27 18:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-27 14:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-01-27 00:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-26 23:54 --------- d-----w C:\Program Files\Common Files\iS3
2008-01-26 23:24 --------- d-----w C:\Documents and Settings\Kamlesh\Application Data\STOPzilla!
2008-01-26 13:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 12:43 --------- d-----w C:\Program Files\Trend Micro
2008-01-26 11:18 --------- d-----w C:\Program Files\Defraggler
2008-01-26 02:39 --------- d-----w C:\Documents and Settings\Kamlesh\Application Data\vlc
2008-01-26 00:57 --------- d-----w C:\Documents and Settings\Kamlesh\Application Data\ESET
2008-01-26 00:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-28 20:44 --------- d-----w C:\Program Files\VideoLAN
2007-12-28 19:15 --------- d-----w C:\Program Files\Common Files\LightScribe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-30 22:23 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-01 20:25 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-21 23:21 39792]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 14:29:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-27 14:32:36
ComboFix-quarantined-files.txt 2008-02-27 14:32:25
ComboFix2.txt 2008-02-27 14:12:43
ComboFix3.txt 2008-02-26 19:41:27
ComboFix4.txt 2008-02-25 22:13:23
ComboFix5.txt 2008-01-27 18:37:50

Can nayone pls tell if my computer is infected. Log from Hijackthis as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:19, on 26/01/2008
Platform: Windows XP SP2 WinNT 5.

Report Offensive Follow Up For Removal

Response Number 9

Name: jabuck
Date: February 26, 2008 at 18:07:36 Pacific

Reply:

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX