Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Neessa

8 Posts

985

October 8th, 2006 22:00

Logfile- getting Klone virus alert

Any help is greatly appreciated

AVG keeps giving me warning of Klone (?) can't seem to remove it. Ran trend micro, and panda as well. Only happens with IE or when opening certain programs. It says it's in a system file so I can't remove it.



Logfile of HijackThis v1.99.1
Scan saved at 7:38:58 PM, on 10/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Documents and Settings\Denise\Desktop\New Folder\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: (no name) - {524839A8-2DA8-48B8-AE1C-2802D07C7C50} - C:\WINDOWS\system32\ipslex.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: c:\windows\system32\vtstqol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ipslex - C:\WINDOWS\SYSTEM32\ipslex.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Message Edited by Neessa on 10-08-2006 06:45 PM

bamajim

10.4K Posts

October 9th, 2006 15:00


Neessa

Welcome to DCF

First Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

your reply should include
  • your vundofix.txt log
    a fresh Hijackthis log
    bamajim   Graduate of Malware Removal University


    Neessa

    8 Posts

    October 9th, 2006 22:00

    Ok (and thank you for the help)

    Ran the program and it found nothing at all. eek! any other suggestions?

    bamajim

    10.4K Posts

    October 9th, 2006 23:00


    Neessa
     
    Let's do it this way

    Please download the Killbox.
    • Save it to the desktop and run it.
      2) Select " Delete on Reboot", and then select "All files".
      3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

      • C:\WINDOWS\System32\vtstqol.dll
        C:\WINDOWS\System32\ipslex.dll

      4) Return to Killbox, go to the File menu, and choose " Paste from Clipboard".
      5) Click the red-and-white " Delete File" button.  Click " Yes" at the Delete on Reboot prompt.  Click " No" at the Pending Operations prompt.

    Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log
     
    bamajim   Graduate of Malware Removal University


    Neessa

    8 Posts

    October 10th, 2006 15:00

    ok, here is the new logfile: (and have to mention again ..thanks for all the help)

    Logfile of HijackThis v1.99.1
    Scan saved at 12:28:44 PM, on 10/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Documents and Settings\Denise\Desktop\New Folder\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: (no name) - {524839A8-2DA8-48B8-AE1C-2802D07C7C50} - C:\WINDOWS\system32\ipslex.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ShowLOMControl]
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: c:\windows\system32\vtstqol.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: ipslex - ipslex.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    bamajim

    10.4K Posts

    October 10th, 2006 18:00


    Neessa

    You are most welcome

    We still have some Vundo files to deal with, we are going to use Vundofix again, but alter the instructions slightly

    First Run VundoFix
    • At the Main window Rt Click in the Open Box and Select Add Files
      A second window will open
      Copy and paste the following into the file box

      • C:\WINDOWS\system32\vtstqol.dll


      Select Add Files ->>Then Close Window

      Click the Scan for Vundo button.
      Once it's done scanning, click the Remove Vundo button.
      You will receive a prompt asking if you want to remove the files, click YES
      Once you click yes, your desktop will go blank as it starts removing Vundo.
      When completed, it will prompt that it will reboot your computer, click OK.

    Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    • Note: It is possible that VundoFix encountered a file it could not remove.
      In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Next rerun Hijackthis and place checks beside the following entries
    • O2 - BHO: (no name) - {524839A8-2DA8-48B8-AE1C-2802D07C7C50} - C:\WINDOWS\system32\ipslex.dll (file missing)
      O20 - AppInit_DLLs: c:\windows\system32\vtstqol.dll
      O20 - Winlogon Notify: ipslex - ipslex.dll (file missing)
    • Close all other open windows except Hijackthis and Select "Fix checked"

    Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log

    your reply should include
    • your vundofix.txt
      a fresh Hijackthis log
      bamajim   Graduate of Malware Removal University


      Message Edited by bamajim on 10-10-2006 02:17 PM

      Neessa

      8 Posts

      October 10th, 2006 20:00

      vundo fix still didn't get anything, but I followed the other directions. Here is the new logfile:

      Logfile of HijackThis v1.99.1
      Scan saved at 5:01:49 PM, on 10/10/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\Program Files\NetWaiting\netWaiting.exe
      C:\Program Files\Dell Support\DSAgnt.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Denise\Desktop\New Folder\HijackThis.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [ShowLOMControl]
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

      bamajim

      10.4K Posts

      October 10th, 2006 20:00

      Neessa
       
      Did Vundofix say no files were found?
       
      Odd because it removed the file. Hows your PC running now?
       
      bamajim   Graduate of Malware Removal University

      Neessa

      8 Posts

      October 10th, 2006 21:00

      It seems to be ok. The AVG alerts have stopped, and I've been able to open IE without any issues. Fingers crossed that things keep going ok.

      Yeah- Vundofix found nothing. But I did check the files that you said to....maybe that fixed it? Dunno.

      I'm on this laptop all the time, so should see fairly quickly if there are any problems.

      Again- I do appreciate all the help. this has been driving me nuts for a couple weeks.

      bamajim

      10.4K Posts

      October 10th, 2006 22:00


      Neessa

      That's good. I would like to do one more thing to be sure your PC is clean.

      Run an online virus scan called Kaspersky from HERE.
      • 1. Click on " Kaspersky Online Scanner"
        2. A new smaller window will pop up. Press on " Accept". After reading the contents.
        3. Now Kaspersky will update the anti-virus database. Let it run.
        4. Click on " Next"->>" Scan Settings", and make sure the database is set to " extended". And check both the scan options. Then click OK.
        5. Then click on " My Computer". And the scan will start.
        6. Once finished, save a log as ". txt" to the desktop.
      Copy and post the results of the Kaspersky Online scan
       
      bamajim   Graduate of Malware Removal University


      bamajim

      10.4K Posts

      October 11th, 2006 00:00

      Neessa

      No need to get nervous

      For this line housecall6.6\Quarantine it looks like you have or have had TrendMicro.
      These objects are located in the quarantine folder, If you still Have the program, just open and empty the Quarantine folder.

      Your Log is Clean from malware :smileyhappy:
      I appreciate your patience in working through this.
       
      Now that your log is clean
       
      There are some final notes:
      Disable and Enable System Restore.
      • Now that your system is clean, lets create a clean System Restore point
        the instructions are here

      Update Your Java

      • Download the latest version of  Java Runtime Environment (JRE) 5.0 Update 9
      • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
      • Click the "Download" button to the right.
      • Check the box that says: "Accept License Agreement".
      • The page will refresh.
      • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      • Close any programs you may have running - especially your web browser.
      • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
      • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button.
      • Repeat as many times as necessary to remove each Java versions.
      • Reboot your computer once all Java components are removed.
      • Then from your desktop double-click on jre-1_5_0_09-windows-i586-p to install the newest version.

      Make your Internet Explorer more secure
      This can be done by following these simple instructions:
      • Open Internet Explorer click Tools->> Options.
        Click Security tab
        Click once on the Internet icon so it becomes highlighted.
        Click Custom Level.
        Change the Download signed ActiveX controls to Prompt
        Change the Download unsigned ActiveX controls to Disable
        Change the Initialise and script ActiveX controls not marked as safe to Disable
        Change the Installation of desktop items to Prompt
        Change the Launching programs and files in an IFRAME to Prompt
        Change the Navigate sub-frames across different domains to Prompt
        When all these settings have been made, click OK.
        If it prompts you to save the settings, press Yes.
        Next press Apply and then OK to exit the Internet Properties page

      Update your Anti Virus Software
       
      Use and maintain a Firewall such as ZoneAlarm
      • The Windows Firewall is good at blocking incoming threats, but not outgoing threats such as "Backdoor Trojans"
        Some others are
        Sygate
        And
        Sunbelt personal
        All of which are free
      Visit Microsoft's Windows Update Site Frequently for critical updates
       
      Backup your Documents and Files and a regular basis
      • To a disc or a USB key, not your Hardrive
      You may want to read this article" So how did I get infected in the first place" by Tony Klein

      surf safe
       
      bamajim   Graduate of Malware Removal University

      Neessa

      8 Posts

      October 11th, 2006 00:00

      here is the kaspersky log (getting nervous)

      -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Tuesday, October 10, 2006 9:08:23 PM
      Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.83.0
      Kaspersky Anti-Virus database last update: 11/10/2006
      Kaspersky Anti-Virus database records: 230502
      -------------------------------------------------------------------------------

      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true

      Scan Target - My Computer:
      C:\
      D:\

      Scan Statistics:
      Total number of scanned objects: 54337
      Number of viruses found: 1
      Number of infected objects: 3 / 0
      Number of suspicious objects: 0
      Duration of the scan process: 00:37:05

      Infected Object Name / Virus Name / Last Action
      C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
      C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
      C:\Documents and Settings\Denise\.housecall6.6\Quarantine\jkkljki.dll.bac_a03880 Infected: Packed.Win32.Klone.k skipped
      C:\Documents and Settings\Denise\.housecall6.6\Quarantine\mljgfgd.dll.bac_a03880 Infected: Packed.Win32.Klone.k skipped
      C:\Documents and Settings\Denise\.housecall6.6\Quarantine\vtstqol.dll.bac_a03880 Infected: Packed.Win32.Klone.k skipped
      C:\Documents and Settings\Denise\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
      C:\Documents and Settings\Denise\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\cert8.db Object is locked skipped
      C:\Documents and Settings\Denise\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\history.dat Object is locked skipped
      C:\Documents and Settings\Denise\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\key3.db Object is locked skipped
      C:\Documents and Settings\Denise\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\parent.lock Object is locked skipped
      C:\Documents and Settings\Denise\Application Data\Sun\Java\Deployment\log\plugin150_06.trace Object is locked skipped
      C:\Documents and Settings\Denise\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\Cache\_CACHE_001_ Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\Cache\_CACHE_002_ Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\Cache\_CACHE_003_ Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Application Data\Mozilla\Firefox\Profiles\eoeyh1m7.default\Cache\_CACHE_MAP_ Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\History\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Temp\hsperfdata_Denise\3680 Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Temp\me_cAHbVduDR2hEwy9 Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Temp\me_jSBj7QjdhSbCvxy Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Temp\me_pU1yhOljZ0hz0mx Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Temp\me_Rh4bCwSaB8Yxd4u Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Temp\me_xTqClzc8fI8UP72 Object is locked skipped
      C:\Documents and Settings\Denise\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Denise\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\Denise\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
      C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
      C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000004.FCS Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP128\A0012292.dll Object is locked skipped
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\change.log Object is locked skipped
      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
      C:\WINDOWS\Internet Logs\DMMWORK.ldb Object is locked skipped
      C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
      C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
      C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
      C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
      C:\WINDOWS\Sti_Trace.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SAM Object is locked skipped
      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
      C:\WINDOWS\system32\h323log.txt Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
      C:\WINDOWS\Temp\ZLT0009d.TMP Object is locked skipped
      C:\WINDOWS\Temp\ZLT01782.TMP Object is locked skipped
      C:\WINDOWS\wiadebug.log Object is locked skipped
      C:\WINDOWS\wiaservc.log Object is locked skipped
      C:\WINDOWS\WindowsUpdate.log Object is locked skipped

      Scan process completed.

      Was this post helpful?

      View All

      0 events found

      No Events found!

      Top