[Mercuryrose88]

Hello! Thank you in advance for reading this post.

I recently received an MSN instant message from a friend, sending me a link to a picture asking me if it was me. I clicked the link and nothing happened, only to find a file on my desktop labeled Picture53_msn-image. Later on I found out from that friend that she received some virus that went through her MSN friend list and sent this link to all of us.

We tried to delete it, and eventually we managed to end the process, and delete it. However, the next morning when I turned on my laptop, my internet explorer browser kept popping up, with McAfee saying that something was trying to access my computer, and that I needed to download new anti-spyware. I immediately new something was wrong, when I already had anti-spyware. I ran SpyBot and McAfee, and only SpyBot found something, this file called Smitfraud-C.CoreService.

I tried restarting with SpyBot running before any applications ran, and it still could not delete the file. I went into safe mode and went directly into the file pathway to delete it and at first I thought I had deleted it, when I ran SpyBot again, it was still there.

I have downloaded Smitfraudfix.exe but I haven't tried running it since I've read posts that said it was only compatible with Windows XP and 2000.

I've tried deleting McAfee and using AVG but AVG has not been able to find and delete the file as well.

Please help me, I would greatly appreciate it, as I am a college student and live on my laptop. Thank you again! ^_^

[Advertisements]

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Rorschach112]

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Mercuryrose88]

Thank you for helping me again! Unfortunately, the file is still here, even after I followed every instruction. :-(

Here is the rapport from the Smitfraudfix.exe:

SmitFraudFix v2.276

Scan done at 12:14:43.14, Mon 01/28/2008
Run from C:\Users\Mercuryrose88\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}: DhcpNameServer=141.165.1.10 141.165.1.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{67CFA30F-93A7-4FE4-9CED-3E3A754A1EDA}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}: DhcpNameServer=141.165.1.10 141.165.1.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{67CFA30F-93A7-4FE4-9CED-3E3A754A1EDA}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}: DhcpNameServer=141.165.1.10 141.165.1.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{67CFA30F-93A7-4FE4-9CED-3E3A754A1EDA}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=141.165.1.10 141.165.1.9
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=141.165.1.10 141.165.1.9
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

And here are the reports from DSS:

Deckard's System Scanner v20071014.68
Run by Mercuryrose88 on 2008-01-28 14:04:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-01-28 16:20:35 UTC - RP171 - Scheduled Checkpoint
3: 2008-01-27 20:22:07 UTC - RP170 - Scheduled Checkpoint
2: 2008-01-27 03:26:59 UTC - RP169 - Installed AVG 7.5
1: 2008-01-26 14:02:45 UTC - RP168 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-28 14:08:49
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\System32\svchost.exe
C:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\conime.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Users\Mercuryrose88\Desktop\dss.exe
C:\Windows\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7334] command /c del "C:\Windows\System32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC467] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Swupdtmr - Unknown owner - C:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 13307 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S4 KR10I - c:\windows\system32\drivers\kr10i.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR10N - c:\windows\system32\drivers\kr10n.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 SpyHunter3 Service - "c:\program files\enigma software group\spyhunter\shservice.exe" <Not Verified; Enigma Software Group, Inc.; SpyHunter3>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-01 01:00:16 368 --a------ C:\Windows\Tasks\McQcTask.job
2007-12-15 03:32:28 366 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2007-12-28 and 2008-01-28 -----------------------------

2008-01-28 12:14:47 2412 --a------ C:\Windows\system32\tmp.reg
2008-01-28 12:14:29 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-01-28 12:14:29 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-28 12:14:29 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-28 12:14:29 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-28 12:14:29 81920 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-28 12:14:29 51200 --a------ C:\Windows\system32\dumphive.exe
2008-01-27 20:16:10 0 d-------- C:\Program Files\Enigma Software Group
2008-01-27 12:09:38 86144 --a------ C:\Windows\system32\drivers\msteee.sys
2008-01-27 10:00:09 0 dr-h----- C:\$VAULT$.AVG
2008-01-26 23:27:08 0 d-------- C:\Program Files\Startup Mechanic
2008-01-26 22:29:01 0 d-------- C:\Users\All Users\Grisoft
2008-01-26 22:29:01 0 d-------- C:\Users\All Users\avg7
2008-01-23 13:00:23 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-01-23 12:44:44 0 d-------- C:\Program Files\Cisco Systems


-- Find3M Report ---------------------------------------------------------------

2008-01-28 14:00:03 0 d-------- C:\Users\Mercuryrose88\AppData\Roaming\AVG7
2008-01-28 12:19:16 0 d-------- C:\Program Files\McAfee
2008-01-23 15:51:34 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-18 18:37:21 0 d-------- C:\Program Files\QuickTime
2008-01-10 23:38:01 0 d-------- C:\Users\Mercuryrose88\AppData\Roaming\SiteAdvisor
2008-01-09 17:19:24 0 d-------- C:\Program Files\Windows Mail
2008-01-09 17:06:52 0 d-------- C:\Program Files\Windows Sidebar
2007-12-21 13:19:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-19 16:54:55 0 d-------- C:\Program Files\SiteAdvisor
2007-12-09 08:56:34 0 d-------- C:\Program Files\MSBuild
2007-12-09 08:48:11 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-07 16:26:37 0 d-------- C:\Program Files\Gravity
2007-12-07 16:25:21 65536 --a------ C:\Windows\IFinst27.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 06:15 AM 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/29/2007 01:08 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [10/18/2006 11:14 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/14/2007 09:00 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [08/24/2007 07:54 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 07:54 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [08/24/2007 07:54 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [10/29/2007 06:02 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/26/2008 10:29 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [12/13/2007 09:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 11:18 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/18/2007 10:54 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA7334"=command /c del "C:\Windows\System32\drivers\core.cache.dsk_tobedeleted"
"SpybotDeletingC467"=cmd /c del "C:\Windows\System32\drivers\core.cache.dsk_tobedeleted"
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

C:\Users\Mercuryrose88\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 10:24:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [12/7/2007 5:12:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 01/26/2008 10:30 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-28 14:12:24 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5300 @ 1.73GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 1013.44 MiB / 227.49 MiB
Pagefile Memory (total/avail): 2274.37 MiB / 1242.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.38 MiB

C: is Fixed (NTFS) - 147.58 GiB total, 57.63 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 147.58 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Mercuryrose88\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BANANA-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Mercuryrose88
LOCALAPPDATA=C:\Users\Mercuryrose88\AppData\Local
LOGONSERVER=\\BANANA-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\MERCUR~1\AppData\Local\Temp
TMP=C:\Users\MERCUR~1\AppData\Local\Temp
USERDOMAIN=Banana-PC
USERNAME=Mercuryrose88
USERPROFILE=C:\Users\Mercuryrose88
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Mercuryrose88


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Bejeweled 2 Deluxe --> "C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
BitComet 0.90 --> C:\Program Files\BitComet\uninst.exe
Blackhawk Striker 2 --> "C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 3 --> "C:\Program Files\TOSHIBA Games\Blasterball 3\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Camera Assistant Software for Toshiba --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe" -l0x9
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Chuzzle Deluxe --> "C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
Cisco Clean Access Agent --> MsiExec.exe /X{04010300-6D72-4D54-8686-91D884A27B5C}
Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Deliverance-Online --> C:\Program Files\Gravity\RO\Uninstal.exe
Desktop Dialer --> C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
FATE --> "C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Internet Offers --> C:\Program Files\Internet Offers\ToshUninst.exe
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JEOPARDY --> "C:\Program Files\TOSHIBA Games\JEOPARDY\Uninstall.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Money Essentials --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
Penguins! --> "C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
Polar Bowler --> "C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
Polar Golfer --> "C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Ragnarok Sakray --> "C:\Windows\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFUBA90.inf
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
SCRABBLE --> "C:\Program Files\TOSHIBA Games\SCRABBLE\Uninstall.exe"
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Game Console --> "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hardware Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B97599D2-01F7-4551-96D8-674D3D886F7B}\setup.exe" -l0x9
TOSHIBA Media Center Game Console --> "C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{744E2BC2-EC6F-44D5-AA68-451B4131383B}\setup.exe" -l0x9
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD for TOSHIBA --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type9183 / Error
Event Submitted/Written: 01/28/2008 01:57:56 PM
Event ID/Source: 24 / WinMgmt
Event Description:
$Coreselect * from __TimerEvent__TimerEvent//./root/wmi

Event Record #/Type9182 / Error
Event Submitted/Written: 01/28/2008 01:57:56 PM
Event ID/Source: 24 / WinMgmt
Event Description:
$Coreselect * from __SystemEvent__SystemEvent//./root/wmi

Event Record #/Type9181 / Error
Event Submitted/Written: 01/28/2008 01:57:56 PM
Event ID/Source: 24 / WinMgmt
Event Description:
$Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/wmi

Event Record #/Type9180 / Error
Event Submitted/Written: 01/28/2008 01:57:56 PM
Event ID/Source: 24 / WinMgmt
Event Description:
$Coreselect * from __ClassOperationEvent__ClassOperationEvent//./root/wmi

Event Record #/Type9179 / Error
Event Submitted/Written: 01/28/2008 01:57:55 PM
Event ID/Source: 24 / WinMgmt
Event Description:
$Coreselect * from __InstanceOperationEvent__InstanceOperationEvent//./root/wmi



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30396 / Error
Event Submitted/Written: 01/28/2008 00:17:12 PM
Event ID/Source: 10005 / DCOM
Event Description:
1084McNASvc{24F616A1-B755-4053-8018-C3425DC8B68A}

Event Record #/Type30395 / Error
Event Submitted/Written: 01/28/2008 00:14:11 PM
Event ID/Source: 10005 / DCOM
Event Description:
1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Event Record #/Type30394 / Error
Event Submitted/Written: 01/28/2008 00:13:37 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Event Record #/Type30393 / Error
Event Submitted/Written: 01/28/2008 00:13:37 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type30392 / Error
Event Submitted/Written: 01/28/2008 00:13:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}



-- End of Deckard's System Scanner: finished at 2008-01-28 14:12:24 ------------


Thank you for the previous advice, and if you had any further suggestions I would greatly appreciate it!! My boyfriend had bought a subscription to Panda Antivirus, good for up to 3 computers- would this help my laptop?

Thank you for your help!

[Rorschach112]

Panda is a good program, but it won't help you remove this infection

There are also better free programs out there.

First off, you have two anti-virus programs, AVG and McAfee, so you need to remove one of these



Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[Mercuryrose88]

Thank you for the advice!

However, when I downloaded Combofix.exe and began to run it, a blue window popped up and stated that it tried to run the application and said "out of memory". McAfee pulled up many warnings, and though I allowed the program to run, my computer beeped (it was a high pitched beep, one I've never heard my computer make), and a warning came up saying along the lines that 1/100 machines failed to make the disinfection process and asked me if I wanted to do this.

I pressed no because I don't know if it was supposed to do that.

What should I do? Thank you again!

PS- I erased AVG and chose to keep McAfee on. ^_^

[Rorschach112]

Delete ComboFix.exe and the folder C:\qoobox then do this. Ignore any warnings from McAfee

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[Mercuryrose88]

Thank you again for the help!!

Here are the logs from Hijackthis and Combofix. I had to update to a new version of HijackThis, since the site wouldn't let me post an outdated log, so hopefully this will work!

I don't think that Combofix was able to delete the file that Smitfraud was located in (C:\Windows\System32\drivers\core.cache.dsk)

I hope this helps!

ComboFix 08-01-29.3 - Mercuryrose88 2008-01-29 10:43:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.251 [GMT -5:00]
Running from: C:\Users\Mercuryrose88\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete
C:\Windows\system32\x64
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 15:42 262,144 ----a-w C:\ProgramData\ntuser.dat
2008-01-29 15:31 --------- d-----w C:\Program Files\McAfee
2008-01-29 00:58 --------- d-----w C:\ProgramData\Avg7
2008-01-28 01:16 --------- d-----w C:\Program Files\Enigma Software Group
2008-01-27 22:31 932 ----a-w C:\Windows\system32\drivers\core.cache.dsk
2008-01-27 19:37 81,920 ----a-w C:\Windows\System32\IEDFix.exe
2008-01-27 19:00 --------- d-----w C:\Program Files\Startup Mechanic
2008-01-27 17:09 86,144 ----a-w C:\Windows\system32\drivers\msteee.sys
2008-01-23 20:51 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-23 17:44 --------- d-----w C:\Program Files\Cisco Systems
2008-01-18 23:37 --------- d-----w C:\Program Files\QuickTime
2008-01-11 04:38 --------- d-----w C:\Users\Mercuryrose88\AppData\Roaming\SiteAdvisor
2008-01-09 22:19 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:15 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-09 22:15 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-09 22:15 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-09 22:15 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-09 22:15 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-09 22:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 22:10 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 22:10 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 22:10 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 22:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 22:10 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-09 22:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-09 22:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 22:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-09 22:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-09 22:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-09 22:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-09 22:09 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 22:06 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-21 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 21:54 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-12 22:13 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-12 22:12 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 22:11 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:11 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 22:10 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 22:09 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 22:09 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 22:09 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 22:08 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 22:08 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 22:08 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 22:08 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 22:04 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 22:04 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-09 13:56 --------- d-----w C:\Program Files\MSBuild
2007-12-09 13:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-07 21:26 --------- d-----w C:\Program Files\Gravity
2007-12-07 21:25 65,536 ----a-w C:\Windows\IFinst27.exe
2007-12-01 23:13 --------- d-----w C:\ProgramData\WildTangent
2007-11-17 21:15 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-13 22:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-13 22:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-13 22:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-13 22:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-13 22:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-13 22:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-13 22:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-13 22:04 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-13 22:04 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-13 22:04 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-13 22:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-13 22:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-10-29 11:23 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2007-10-29 10:55 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2007-10-29 10:47 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2007-10-29 10:47 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2007-09-02 21:38 938 ----a-w C:\Users\Mercuryrose88\AppData\Roaming\wklnhst.dat
2007-08-31 07:16 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ZipFile]
@={2D7E38A6-A604-45AE-9A87-4F5F25760650}

[HKEY_CLASSES_ROOT\CLSID\{2D7E38A6-A604-45AE-9A87-4F5F25760650}]
C:\Windows\System32\winsdrv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 11:18 307200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-18 22:54 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-29 13:08 1006264]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-10-18 11:14 35928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00 267064]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-24 19:54 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-24 19:54 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-24 19:54 129560]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 06:02 102400]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\Users\Mercuryrose88\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 22:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2007-09-07 13:11]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 01:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 19:39]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 11:12]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-03 03:43]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-03 03:43]
S4 KR3NPXP;KR3NPXP;C:\Windows\system32\drivers\kr3npxp.sys [2007-01-03 03:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 15:49:01 C:\Windows\Tasks\At1.job"
- C:\ComboFix\kmd.exe
"2007-12-15 08:32:28 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:16 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 10:52:15
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conime.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-01-29 10:56:34 - machine was rebooted [Mercuryrose88]
ComboFix-quarantined-files.txt 2008-01-29 15:56:21
.
2008-01-09 22:15:36 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:21 PM, on 1/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\notepad.exe
C:\Users\Mercuryrose88\Desktop\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0196701201620712) (0196701201620712mcinstcleanup) - Unknown owner - C:\Windows\TEMP\019670~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8797 bytes


Here you go! Will I be able to remove this virus?

[Rorschach112]

Yes we will be able to remove it.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\IFinst27.exe
C:\Windows\System32\winsdrv.dll

Dirlook::
C:\Program Files\Gravity

Save this as CFScript.txt, in the same location as ComboFix.exe




drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Edited by Rorschach112, 29 January 2008 - 12:14 PM.

[Mercuryrose88]

Thank you again for your help!

Unfortunately, I followed the instructions exactly as you asked, and the file is still here. :-(

I tried fixing the file you listed for the HijackThis log, however, even though I made sure HJT was the only window open and running, it still would not delete.

And now, I'm experiencing my internet explorer browser popping up again, so I don't know what to do now...

Here is the combofix log after I added the CFScript.txt file to combofix.exe, though I don't know if you wanted to see it or not.

ComboFix 08-01-29.3 - Mercuryrose88 2008-01-29 16:39:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.293 [GMT -5:00]
Running from: C:\Users\Mercuryrose88\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mercuryrose88\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Windows\IFinst27.exe
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\System32\winsdrv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\IFinst27.exe
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 21:38 262,144 ----a-w C:\ProgramData\ntuser.dat
2008-01-29 17:57 --------- d-----w C:\Program Files\Trend Micro
2008-01-29 15:31 --------- d-----w C:\Program Files\McAfee
2008-01-29 00:58 --------- d-----w C:\ProgramData\Avg7
2008-01-28 01:16 --------- d-----w C:\Program Files\Enigma Software Group
2008-01-27 22:31 932 ----a-w C:\Windows\system32\drivers\core.cache.dsk
2008-01-27 19:37 81,920 ----a-w C:\Windows\System32\IEDFix.exe
2008-01-27 19:00 --------- d-----w C:\Program Files\Startup Mechanic
2008-01-27 17:09 86,144 ----a-w C:\Windows\system32\drivers\msteee.sys
2008-01-23 20:51 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-23 17:44 --------- d-----w C:\Program Files\Cisco Systems
2008-01-18 23:37 --------- d-----w C:\Program Files\QuickTime
2008-01-11 04:38 --------- d-----w C:\Users\Mercuryrose88\AppData\Roaming\SiteAdvisor
2008-01-09 22:19 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:15 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-09 22:15 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-09 22:15 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-09 22:15 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-09 22:15 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-09 22:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 22:10 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 22:10 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 22:10 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 22:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 22:10 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-09 22:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-09 22:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 22:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-09 22:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-09 22:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-09 22:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-09 22:09 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 22:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 22:06 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-21 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 21:54 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-12 22:13 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-12 22:12 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 22:11 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:11 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 22:10 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 22:09 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 22:09 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 22:09 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 22:08 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 22:08 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 22:08 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 22:08 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 22:04 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 22:04 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-09 13:56 --------- d-----w C:\Program Files\MSBuild
2007-12-09 13:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-07 21:26 --------- d-----w C:\Program Files\Gravity
2007-12-01 23:13 --------- d-----w C:\ProgramData\WildTangent
2007-11-17 21:15 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-13 22:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-13 22:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-13 22:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-13 22:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-13 22:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-13 22:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-13 22:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-13 22:04 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-13 22:04 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-13 22:04 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-13 22:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-13 22:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-10-29 11:23 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2007-10-29 10:55 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2007-10-29 10:47 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2007-10-29 10:47 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2007-09-02 21:38 938 ----a-w C:\Users\Mercuryrose88\AppData\Roaming\wklnhst.dat
2007-08-31 07:16 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Gravity ----

2008-01-09 17:08 1537 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36455_2.ebm
2008-01-09 17:05 916 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36681_5.ebm
2008-01-09 17:01 619 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36158_72.ebm
2008-01-09 16:59 1074 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33605_3.ebm
2008-01-09 16:35 276555 --a------ C:\Program Files\Gravity\RO\ScreenShot\screenDeliverance002.jpg
2008-01-09 16:35 276291 --a------ C:\Program Files\Gravity\RO\ScreenShot\screenDeliverance003.jpg
2008-01-09 16:34 276025 --a------ C:\Program Files\Gravity\RO\ScreenShot\screenDeliverance001.jpg
2008-01-09 16:33 1768 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_30913_195.ebm
2008-01-09 16:31 911 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33678_10.ebm
2008-01-09 16:31 888 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36686_22.ebm
2008-01-09 16:31 505 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36691_10.ebm
2008-01-09 16:31 181 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35629_12.ebm
2008-01-09 16:31 1767 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36718_2.ebm
2008-01-09 16:31 142 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34291_1.ebm
2008-01-09 16:31 1403 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36638_1.ebm
2008-01-09 16:31 1120 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36271_61.ebm
2008-01-09 16:30 673 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33956_4.ebm
2008-01-09 16:30 571 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36660_1.ebm
2008-01-09 16:30 1676 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35544_151.ebm
2008-01-09 16:29 717 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36629_1.ebm
2008-01-09 16:29 671 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36705_5.ebm
2008-01-09 16:29 262 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34656_18.ebm
2008-01-09 16:29 255 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36661_4.ebm
2008-01-09 16:29 1599 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36712_1.ebm
2008-01-09 16:29 1193 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36586_3.ebm
2008-01-09 16:29 1109 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35179_54.ebm
2007-12-24 00:56 898 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34336_10.ebm
2007-12-23 23:53 355 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36587_2.ebm
2007-12-23 23:53 1165 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35822_7.ebm
2007-12-23 23:53 1079 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34916_32.ebm
2007-12-23 23:41 1780 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36547_8.ebm
2007-12-23 23:40 448 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36585_4.ebm
2007-12-23 23:40 1579 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35707_3.ebm
2007-12-23 23:39 940 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36588_2.ebm
2007-12-23 23:39 217 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36575_27.ebm
2007-12-23 23:39 1441 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36478_23.ebm
2007-12-23 23:39 1142 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35993_2.ebm
2007-12-23 23:38 1007 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34178_228.ebm
2007-12-19 16:53 640 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36540_1.ebm
2007-12-19 16:35 882 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_31656_1.ebm
2007-12-19 16:33 774 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_31708_3.ebm
2007-12-19 16:09 469 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_31219_42.ebm
2007-12-19 15:39 1782 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35974_70.ebm
2007-12-19 15:29 942 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36530_5.ebm
2007-12-19 15:15 848 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36515_1.ebm
2007-12-19 15:15 616 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36516_3.ebm
2007-12-19 15:15 1753 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36206_1.ebm
2007-12-19 15:15 1707 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35773_1.ebm
2007-12-19 15:14 883 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36544_2.ebm
2007-12-18 16:49 1478 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36521_1.ebm
2007-12-18 16:49 1026 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36520_1.ebm
2007-12-18 16:15 857 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36528_24.ebm
2007-12-18 16:15 807 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_30546_137.ebm
2007-12-11 13:30 731 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36481_1.ebm
2007-12-10 22:47 1713 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36013_5.ebm
2007-12-10 22:45 1762 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36488_1.ebm
2007-12-10 22:14 1780 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36484_4.ebm
2007-12-10 20:55 623 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36394_1.ebm
2007-12-10 20:38 1522 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36418_27.ebm
2007-12-10 20:35 1715 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35664_3.ebm
2007-12-10 19:45 580 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36482_1.ebm
2007-12-10 19:43 588 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35805_1.ebm
2007-12-10 19:42 971 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35914_27.ebm
2007-12-10 19:42 1640 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36445_26.ebm
2007-12-10 17:11 1300 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36357_5.ebm
2007-12-10 17:11 1057 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32249_7.ebm
2007-12-10 17:10 1595 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36470_1.ebm
2007-12-10 16:53 1212 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35765_21.ebm
2007-12-10 15:59 1762 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35682_2.ebm
2007-12-10 15:59 1026 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36408_13.ebm
2007-12-10 12:15 1114 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34290_3.ebm
2007-12-09 22:33 77397 --a------ C:\Program Files\Gravity\RO\ScreenShot\screen001.jpg
2007-12-09 20:19 1185 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33282_1.ebm
2007-12-09 20:06 1051 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35793_1.ebm
2007-12-09 20:00 914 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36352_4.ebm
2007-12-09 20:00 825 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36449_14.ebm
2007-12-09 20:00 1434 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35302_33.ebm
2007-12-09 19:46 1242 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36406_4.ebm
2007-12-09 19:45 730 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34667_1.ebm
2007-12-09 19:35 1018 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33220_26.ebm
2007-12-09 17:49 1033 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35206_8.ebm
2007-12-09 17:47 306 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_30120_7.ebm
2007-12-09 17:36 662 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36467_5.ebm
2007-12-09 17:36 623 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35493_5.ebm
2007-12-09 17:36 1640 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34564_5.ebm
2007-12-09 17:36 1278 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32202_1.ebm
2007-12-09 15:30 1272 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32751_1.ebm
2007-12-09 15:19 41527 --a------ C:\Program Files\Gravity\RO\ScreenShot\screenDeliverance000.jpg
2007-12-09 12:54 381 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35968_1.ebm
2007-12-09 12:46 1174 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36098_6.ebm
2007-12-09 12:45 913 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36472_3.ebm
2007-12-09 12:25 706 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32079_2.ebm
2007-12-08 22:52 1770 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35937_1.ebm
2007-12-08 22:45 1682 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36150_1.ebm
2007-12-08 22:43 1729 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36372_6.ebm
2007-12-08 17:14 1525 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34454_20.ebm
2007-12-08 17:10 686 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36402_4.ebm
2007-12-08 17:08 199 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35926_8.ebm
2007-12-08 17:06 376 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36214_2.ebm
2007-12-08 17:05 809 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35872_101.ebm
2007-12-08 17:03 250 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35354_1.ebm
2007-12-08 17:02 1135 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36405_13.ebm
2007-12-08 15:46 1379 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33669_2.ebm
2007-12-08 15:17 1737 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34306_1.ebm
2007-12-08 15:03 1680 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33845_11.ebm
2007-12-08 14:51 840 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35209_1.ebm
2007-12-08 14:51 287 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36459_6.ebm
2007-12-08 14:51 1009 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35595_1.ebm
2007-12-08 14:50 624 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35059_26.ebm
2007-12-08 14:50 1691 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36162_21.ebm
2007-12-08 14:50 1468 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34774_13.ebm
2007-12-08 14:39 625 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36435_15.ebm
2007-12-08 14:36 815 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36413_5.ebm
2007-12-08 14:35 594 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_30005_5.ebm
2007-12-08 14:35 1198 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36382_1.ebm
2007-12-08 14:21 1446 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35892_9.ebm
2007-12-08 14:21 1192 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35496_2.ebm
2007-12-08 14:17 1349 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_30041_1.ebm
2007-12-08 13:04 1414 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35790_1.ebm
2007-12-08 12:41 895 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34628_67.ebm
2007-12-08 12:35 923 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36156_13.ebm
2007-12-08 12:35 620 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36454_2.ebm
2007-12-08 12:35 1036 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35656_75.ebm
2007-12-08 11:19 1496 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36062_8.ebm
2007-12-08 11:11 1143 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36339_5.ebm
2007-12-08 02:40 734 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33967_21.ebm
2007-12-08 02:35 535 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35922_9.ebm
2007-12-08 02:35 1078 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34794_1.ebm
2007-12-08 02:34 1331 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35160_1.ebm
2007-12-08 02:33 996 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35733_1.ebm
2007-12-08 02:33 1623 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34759_1.ebm
2007-12-08 02:32 956 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36251_4.ebm
2007-12-08 02:32 945 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32503_5.ebm
2007-12-08 02:32 795 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35031_5.ebm
2007-12-08 02:31 999 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35720_6.ebm
2007-12-08 02:31 860 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32501_2.ebm
2007-12-08 02:31 735 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36142_1.ebm
2007-12-08 02:31 510 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35335_5.ebm
2007-12-08 02:31 1565 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35871_1.ebm
2007-12-08 02:31 1470 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35927_1.ebm
2007-12-08 02:31 1363 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36259_1.ebm
2007-12-08 02:31 1305 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35118_12.ebm
2007-12-08 02:31 1298 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36054_42.ebm
2007-12-08 02:31 1252 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36222_15.ebm
2007-12-08 02:31 1192 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35553_1.ebm
2007-12-08 02:30 843 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32937_2.ebm
2007-12-08 02:29 760 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36410_1.ebm
2007-12-08 02:27 147 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35415_1.ebm
2007-12-08 01:59 711 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35229_6.ebm
2007-12-08 01:59 257 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36273_9.ebm
2007-12-08 01:58 834 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36425_1.ebm
2007-12-08 01:58 320 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36185_6.ebm
2007-12-08 01:54 249 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36005_22.ebm
2007-12-08 01:32 1565 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35116_33.ebm
2007-12-08 01:13 1650 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36363_27.ebm
2007-12-08 01:11 1362 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35547_7.ebm
2007-12-08 01:08 812 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36350_3.ebm
2007-12-08 01:08 1498 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36450_21.ebm
2007-12-08 01:07 1654 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35854_9.ebm
2007-12-08 01:05 478 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36340_1.ebm
2007-12-08 01:05 1128 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_32098_27.ebm
2007-12-08 01:03 846 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34880_3.ebm
2007-12-08 01:03 283 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35244_20.ebm
2007-12-08 01:02 1076 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36458_28.ebm
2007-12-08 01:00 1075 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36416_1.ebm
2007-12-08 00:56 387 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36344_16.ebm
2007-12-08 00:55 354 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35108_9.ebm
2007-12-08 00:55 320 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36243_2.ebm
2007-12-08 00:54 1489 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36040_1.ebm
2007-12-08 00:54 1298 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35953_4.ebm
2007-12-08 00:52 604 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_33572_138.ebm
2007-12-08 00:52 1512 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35267_34.ebm
2007-12-08 00:52 1509 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36349_12.ebm
2007-12-08 00:51 779 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36389_3.ebm
2007-12-08 00:51 284 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_31052_5.ebm
2007-12-08 00:51 1770 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35352_4.ebm
2007-12-08 00:51 1362 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36269_17.ebm
2007-12-08 00:18 1148 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36115_1.ebm
2007-12-08 00:17 859 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35311_13.ebm
2007-12-08 00:17 839 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36364_1.ebm
2007-12-08 00:17 768 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36039_8.ebm
2007-12-08 00:17 1750 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36186_5.ebm
2007-12-08 00:17 1708 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36453_2.ebm
2007-12-08 00:17 1535 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_31751_15.ebm
2007-12-08 00:17 1294 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35497_18.ebm
2007-12-08 00:16 866 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35782_6.ebm
2007-12-08 00:16 812 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34363_44.ebm
2007-12-08 00:16 810 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36456_1.ebm
2007-12-08 00:16 489 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_35447_34.ebm
2007-12-08 00:16 396 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34469_10.ebm
2007-12-08 00:16 1564 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36362_2.ebm
2007-12-08 00:16 1495 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36457_1.ebm
2007-12-08 00:16 1151 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_34340_3.ebm
2007-12-08 00:16 1010 --a------ C:\Program Files\Gravity\RO\_tmpEmblem\Deliverance_36289_13.ebm
2007-12-08 00:01 21577 --a------ C:\Program Files\Gravity\RO\ScreenShot\screen000.jpg
2007-12-07 23:29 142619 --a------ C:\Program Files\Gravity\RO\Uninstal.exe
2007-12-07 16:29 41864 -r-h----- C:\Program Files\Gravity\RO\IFUBA90.inf
2007-10-17 10:21 4 --a------ C:\Program Files\Gravity\RO\spatch.inf
2007-10-17 10:21 1096185846 --a------ C:\Program Files\Gravity\RO\sdata.grf
2007-10-17 10:20 3190870 --a------ C:\Program Files\Gravity\RO\Sakexe.exe
2007-05-12 16:38 36970003 --a------ C:\Program Files\Gravity\RO\adata.grf
2007-05-12 16:35 3 --a------ C:\Program Files\Gravity\RO\neoncube.file
2007-03-10 23:58 3804559 --a------ C:\Program Files\Gravity\RO\BGM\Berz01.mp3
2007-03-10 23:56 4429617 --a------ C:\Program Files\Gravity\RO\BGM\Berz04.mp3
2007-03-10 23:52 2197715 --a------ C:\Program Files\Gravity\RO\BGM\Berz03.mp3
2007-03-10 23:51 2165741 --a------ C:\Program Files\Gravity\RO\BGM\Berz02.mp3
2007-03-10 17:56 14066 --a------ C:\Program Files\Gravity\RO\AI\AI.lua
2007-03-08 15:33 2977 --a------ C:\Program Files\Gravity\RO\AI\Const.lua
2007-03-08 15:33 13803 --a------ C:\Program Files\Gravity\RO\AI\AI_M.lua
2007-03-03 00:34 3035222 --a------ C:\Program Files\Gravity\RO\Deliverance.exe
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_del_b.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_del_a.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_del_b.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_del_a.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_del_b.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_del_a.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_del_b.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_del_a.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_del_b.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_del_a.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_del_b.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_del_a.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_del_b.bmp
2007-01-31 03:05 1956 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_del_a.bmp
2007-01-31 03:05 1256 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_del.bmp
2007-01-31 03:05 1256 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_del.bmp
2007-01-31 03:05 1256 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_del.bmp
2007-01-31 03:05 1256 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_del.bmp
2007-01-31 03:05 1256 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_del.bmp
2007-01-31 03:05 1256 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_del.bmp
2007-01-31 03:05 1256 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_del.bmp
2007-01-31 03:04 2616 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_skill.bmp
2007-01-31 03:04 2616 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_skill.bmp
2007-01-31 03:04 2616 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_skill.bmp
2007-01-31 03:04 2616 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_skill.bmp
2007-01-31 03:04 2616 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_skill.bmp
2007-01-31 03:04 2616 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_skill.bmp
2007-01-31 03:04 2616 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_skill.bmp
2007-01-31 03:04 1956 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_skill_b.bmp
2007-01-31 03:04 1956 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_skill_b.bmp
2007-01-31 03:04 1956 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_skill_b.bmp
2007-01-31 03:04 1956 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_skill_b.bmp
2007-01-31 03:04 1956 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_skill_b.bmp
2007-01-31 03:04 1956 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_skill_b.bmp
2007-01-31 03:04 1956 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_skill_b.bmp
2007-01-31 03:04 1760 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_feed_b.bmp
2007-01-31 03:04 1760 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_feed_b.bmp
2007-01-31 03:04 1760 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_feed_b.bmp
2007-01-31 03:04 1760 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_feed_b.bmp
2007-01-31 03:04 1760 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_feed_b.bmp
2007-01-31 03:04 1760 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_feed_b.bmp
2007-01-31 03:04 1760 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_feed_b.bmp
2007-01-31 03:04 1640 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_skill_a.bmp
2007-01-31 03:04 1640 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_skill_a.bmp
2007-01-31 03:04 1640 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_skill_a.bmp
2007-01-31 03:04 1640 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_skill_a.bmp
2007-01-31 03:04 1640 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_skill_a.bmp
2007-01-31 03:04 1640 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_skill_a.bmp
2007-01-31 03:04 1640 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_skill_a.bmp
2007-01-31 03:03 1756 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_feed_a.bmp
2007-01-31 03:03 1756 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_feed_a.bmp
2007-01-31 03:03 1756 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_feed_a.bmp
2007-01-31 03:03 1756 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_feed_a.bmp
2007-01-31 03:03 1756 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_feed_a.bmp
2007-01-31 03:03 1756 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_feed_a.bmp
2007-01-31 03:03 1756 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_feed_a.bmp
2007-01-31 03:03 1588 --a------ C:\Program Files\Gravity\RO\skin\ZeroTwo\btn_feed.bmp
2007-01-31 03:03 1588 --a------ C:\Program Files\Gravity\RO\skin\Spring_Breeze\btn_feed.bmp
2007-01-31 03:03 1588 --a------ C:\Program Files\Gravity\RO\skin\SonicBoom\btn_feed.bmp
2007-01-31 03:03 1588 --a------ C:\Program Files\Gravity\RO\skin\Sky\btn_feed.bmp
2007-01-31 03:03 1588 --a------ C:\Program Files\Gravity\RO\skin\euRO\btn_feed.bmp
2007-01-31 03:03 1588 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_feed.bmp
2007-01-31 03:03 1588 --a------ C:\Program Files\Gravity\RO\skin\ArcticBlitz\btn_feed.bmp
2007-01-04 02:38 2088858 --a------ C:\Program Files\Gravity\RO\BGM\108.mp3
2007-01-04 02:38 1899523 --a------ C:\Program Files\Gravity\RO\BGM\110.mp3
2007-01-04 02:38 1897642 --a------ C:\Program Files\Gravity\RO\BGM\109.mp3
2007-01-04 02:38 1836515 --a------ C:\Program Files\Gravity\RO\BGM\107.mp3
2007-01-02 04:10 2250922 --a------ C:\Program Files\Gravity\RO\BGM\102.mp3
2007-01-02 04:10 1976636 --a------ C:\Program Files\Gravity\RO\BGM\103.mp3
2007-01-02 04:10 1855323 --a------ C:\Program Files\Gravity\RO\BGM\104.mp3
2007-01-02 04:10 1825857 --a------ C:\Program Files\Gravity\RO\BGM\100.mp3
2007-01-02 04:10 1777896 --a------ C:\Program Files\Gravity\RO\BGM\106.mp3
2007-01-02 04:10 1585740 --a------ C:\Program Files\Gravity\RO\BGM\105.mp3
2007-01-02 04:10 1526494 --a------ C:\Program Files\Gravity\RO\BGM\101.mp3
2007-01-02 04:10 1453769 --a------ C:\Program Files\Gravity\RO\BGM\99.mp3
2006-08-30 09:38 1270932 --a------ C:\Program Files\Gravity\RO\BGM\98.mp3
2006-07-13 14:35 1859296 --a------ C:\Program Files\Gravity\RO\BGM\96.mp3
2006-07-13 14:35 1682815 --a------ C:\Program Files\Gravity\RO\BGM\94.mp3
2006-07-13 14:35 1636481 --a------ C:\Program Files\Gravity\RO\BGM\97.mp3
2006-07-13 14:35 1297256 --a------ C:\Program Files\Gravity\RO\BGM\95.mp3
2006-01-23 11:51 1607667 --a------ C:\Program Files\Gravity\RO\BGM\93.mp3
2005-11-15 17:45 8152 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\register_hover.bmp
2005-11-15 17:45 8152 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\cancel_hover.bmp
2005-11-15 17:45 28160 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\Thumbs.db
2005-11-15 17:44 8152 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\startgame_hover.bmp
2005-11-15 17:44 1008 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\minimize_hover.bmp
2005-11-15 17:43 1008 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\close_hover.bmp
2005-11-15 17:40 1008 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\minimize.bmp
2005-11-15 17:40 1008 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\close.bmp
2005-11-15 17:38 8152 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\startgame.bmp
2005-11-15 17:38 8152 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\register.bmp
2005-11-15 17:38 8152 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\cancel.bmp
2005-11-15 01:58 750056 --a------ C:\Program Files\Gravity\RO\neoncube\skin_default\bg.bmp
2005-11-15 01:56 3611 --a------ C:\Program Files\Gravity\RO\neoncube\neoncube.ini
2005-11-15 01:23 307200 --a------ C:\Program Files\Gravity\RO\Deliverance Patcher.exe
2005-11-15 00:45 4435968 --a------ C:\Program Files\Gravity\RO\BGM\dev03.mp3
2005-11-14 21:52 0 --a------ C:\Program Files\Gravity\RO\neoncube\grf.bak
2005-09-10 20:15 44 --a------ C:\Program Files\Gravity\RO\DATA.INI
2005-09-07 14:47 3524649 --a------ C:\Program Files\Gravity\RO\BGM\dev01.mp3
2005-08-28 14:37 172544 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\Thumbs.db
2005-08-28 02:45 28616 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\basewin_mini.bmp
2005-08-28 01:45 100856 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\basewin_bg.bmp
2005-08-27 09:30 109256 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\equipwin_bg.bmp
2005-08-26 21:40 1169030 --a------ C:\Program Files\Gravity\RO\BGM\dev02.mp3
2005-08-26 18:10 1064 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\chatwin1_line.bmp
2005-08-26 18:09 86576 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\chatwin0_bg.bmp
2005-08-26 18:07 1912 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btnbar_left2.bmp
2005-08-26 18:07 1400 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btnbar_left.bmp
2005-08-26 18:06 1912 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btnbar_mid2.bmp
2005-08-26 18:06 1400 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btnbar_mid.bmp
2005-08-26 18:05 1912 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btnbar_right2.bmp
2005-08-26 18:05 1400 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btnbar_right.bmp
2005-08-26 16:48 3128 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\itemwin_mid.bmp
2005-08-26 16:20 668 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\titlebar_left.bmp
2005-08-26 16:19 668 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\titlebar_mid.bmp
2005-08-26 16:10 668 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\titlebar_right.bmp
2005-08-26 16:08 14336 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\titlebar_fix.bmp
2005-08-26 15:59 102912 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\Thumbs.db
2005-08-26 15:58 86574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\statwin1_bg.bmp
2005-08-26 15:58 86574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\statwin0_bg.bmp
2005-08-26 15:58 86574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\optwin1_bg.bmp
2005-08-26 15:58 86574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\optwin0_bg.bmp
2005-08-26 15:58 86574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\exchange_bg.bmp
2005-08-26 15:58 86 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\gzered_mid.bmp
2005-08-26 15:58 86 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\gzeblue_mid.bmp
2005-08-26 15:58 774 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\grp_stun.bmp
2005-08-26 15:58 774 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\grp_online.bmp
2005-08-26 15:58 774 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\grp_offline.bmp
2005-08-26 15:58 774 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\grp_leader.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_ru.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_rm.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_rd.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_mu.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_md.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_lu.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_lm.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_ld.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_bg.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_arr_r.bmp
2005-08-26 15:58 670 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\sysbox_arr_l.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll1right.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll1mid.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll1left.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll0up.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll0mid.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll0down.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_resize.bmp
2005-08-26 15:58 574 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\dialog_resize.bmp
2005-08-26 15:58 534 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\mesbtn_right.bmp
2005-08-26 15:58 534 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\mesbtn_mid.bmp
2005-08-26 15:58 534 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\mesbtn_left.bmp
2005-08-26 15:58 534 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\itemwin_right.bmp
2005-08-26 15:58 534 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\itemwin_left.bmp
2005-08-26 15:58 5094 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\chatwin1_right.bmp
2005-08-26 15:58 5094 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\chatwin1_mid.bmp
2005-08-26 15:58 5094 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\chatwin1_left.bmp
2005-08-26 15:58 4974 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\tab_itm_03.bmp
2005-08-26 15:58 4974 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\tab_itm_02.bmp
2005-08-26 15:58 4974 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\tab_itm_01.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\radiobtn_on.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\radiobtn_off.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\ico_stone.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\ico_silence.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\ico_poison.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\ico_frozen.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\ico_curse.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\ico_confusion.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\dialog_btn2.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\dialog_btn1.bmp
2005-08-26 15:58 486 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\dialog_btn0.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sys_mini_on.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sys_mini_off.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sys_close_on.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sys_close_off.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sys_base_on.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sys_base_off.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\arw_up.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\arw_right_on.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\arw_right.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\arw_left.bmp
2005-08-26 15:58 450 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\arw_down.bmp
2005-08-26 15:58 43254 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\dialog_bg.bmp
2005-08-26 15:58 3942 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btn_cartoff.bmp
2005-08-26 15:58 374 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\checkbox_1.bmp
2005-08-26 15:58 374 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\checkbox_0.bmp
2005-08-26 15:58 3126 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\colorchip.bmp
2005-08-26 15:58 28614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\shortitem_bg.bmp
2005-08-26 15:58 270 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\shortitem_btn.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_use_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_use_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_use.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_sell_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_sell_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_sell.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_ok_dis.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_ok_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_ok_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_ok.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_next_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_next_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_next.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_exchange_dis.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_exchange_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_exchange_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_exchange.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_close_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_close_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_close.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_cancel_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_cancel_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_cancel.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_buy_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_buy_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_buy.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_back_b.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_back_a.bmp
2005-08-26 15:58 2614 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\btn_back.bmp
2005-08-26 15:58 246 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\dialog_mid.bmp
2005-08-26 15:58 246 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\cutline_0.bmp
2005-08-26 15:58 2358 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\gze_bg.bmp
2005-08-26 15:58 222 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sysboxs_ru.bmp
2005-08-26 15:58 222 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sysboxs_rd.bmp
2005-08-26 15:58 222 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sysboxs_lu.bmp
2005-08-26 15:58 222 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\sysboxs_ld.bmp
2005-08-26 15:58 214 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll0bar_up.bmp
2005-08-26 15:58 214 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll0bar_mid.bmp
2005-08-26 15:58 214 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll0bar_down.bmp
2005-08-26 15:58 210 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll1bar_right.bmp
2005-08-26 15:58 210 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll1bar_mid.bmp
2005-08-26 15:58 210 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\scroll1bar_left.bmp
2005-08-26 15:58 1894 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btn_status_on.bmp
2005-08-26 15:58 1894 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btn_status_off.bmp
2005-08-26 15:58 1894 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btn_status_dis.bmp
2005-08-26 15:58 1894 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btn_skill_on.bmp
2005-08-26 15:58 1894 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btn_skill_off.bmp
2005-08-26 15:58 1894 --a------ C:\Program Files\Gravity\RO\skin\Deliverance\basic_interface\btn_s

[Rorschach112]

Grr I am missing something thats why it is coming back

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

[Mercuryrose88]

Thank you again!

I went to the Kaspersky Online Scanner and right now it is updating the anti-virus database. I wanted to post this reply because I went back through my previous posts and realized that I didn't add in some information that I thought you might need to know. :-( I thought I did, but I guess it was one of those things where you're thinking it but you don't realize you didn't write it down. *sheepish*

I don't know if this was important or not, but whenever I ran Combofix.exe a window would pop up saying that "freeware implementation of REG.exe has stopped working" and Windows had to stop the program and close it. A couple other popups would come up, saying about a guide on how to use combofix was online and such, but then it would continue to work, I guess without any other hitches, though I couldn't tell as this was my first time using combofix.

Also, when I first tried deleting the smitfraud from my computer, I went into safe mode and tried deleting the file. In safe mode, I was able to do so, but when I restarted into normal mode, it was still there. Later, after I implemented your suggestions with the CFScript.txt file into combofix and ran spybot, and still pulled it up, I decided to go back into safe mode and run spybot again, though this time it didn't pull the smitfraud file up, and when i tried looking for the file location, the file wasn't there anymore. I went back into normal mode however, and ran spybot again, but it pulled up the smitfraud and I could find the file it was in in the pathway spybot listed.

I'll put up the results of the Kaspersky scan as soon as it is done, but I just wanted to give you any additional information that I thought might help you figure out what you missed. ^_^

Thank you very much!

[Mercuryrose88]

Here is the report of the Kaspersky online scanner- I don't think it brings very good news ^~^ lol

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 30, 2008 2:15:53 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/01/2008
Kaspersky Anti-Virus database records: 538096
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 100482
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 02:18:36

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\0299021201533536mcinst.exe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\09B2C97D-C29A-4971-974B-8F1EAEFAAB63 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\189805F1-16D9-4094-9A81-292FA9377E3D Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\305899A5-ADA1-4C55-9E2B-644E6277D062 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\559C70B1-7C19-4231-BB83-453F5FC43227 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\70C03E97-62D5-4733-AA33-93402C0653D2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\7C3FBA0C-7C75-4A35-A64A-15FEC348E8CA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\7F85C6E7-9035-4A5B-8F51-DE7BBDC3397B Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\89057B4C-1E5B-45D9-907C-60090015D76B Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\coinlog.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\D959AAA9-E55B-4F3E-8BCC-82CFEDEFB78D Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI1CFA.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI352C.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI43AF.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMIF2AB.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMIF4C9.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\F9E3D0A6-EC48-42A1-AED7-C3742E1CAE09 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile13.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile14.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile15.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile16.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile17.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile18.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile19.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070628-231038-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070628-231042-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070629-121520-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070629-121534-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070630-005726-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070630-005732-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070630-174940-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070630-174950-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070630-233100-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070630-233144-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070701-122542-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070701-122605-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070701-210339-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070701-210407-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070702-101020-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070702-101026-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070703-172150-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070703-172157-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070710-140343-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070710-140350-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070711-032753-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070711-032803-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070711-133204-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070711-133210-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070715-072938-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070715-072946-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070715-104903-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070715-104910-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070716-101218-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070716-101224-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070716-202201-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070716-202209-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070717-084503-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070717-084510-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070717-103005-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070717-103014-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070717-191833-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070717-191838-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070719-082023-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070719-082032-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070725-160531-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070725-160539-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070726-213638-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070726-213645-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070727-110953-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070727-111003-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070808-220839-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070808-220846-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070812-134955-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070812-135002-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070815-033406-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070815-033414-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070819-224728-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070819-224736-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070822-123111-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070822-123305-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070823-183844-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070823-183902-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070826-205020-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070826-205029-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070830-032637-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070830-032646-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-033000-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-033010-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-170118-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-170125-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070904-094742-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070904-094757-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070905-032544-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070905-032553-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070905-110944-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070905-110953-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070905-181957-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070905-182006-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070909-123041-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070909-123123-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070910-153258-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070910-153307-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070914-225059-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070914-225111-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070919-133159-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070919-133208-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070920-122736-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070920-122744-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070922-002057-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070922-002105-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070929-105230-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070929-105238-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070930-141319-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070930-141332-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071002-222525-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071002-222539-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071006-100336-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071006-100346-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071007-140033-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071007-140042-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-032355-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-032405-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-115752-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-115800-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-170922-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-171021-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071022-171705-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071022-171734-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-122853-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-122901-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-180222-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-180230-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-190554-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-190646-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071027-032007-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071027-032017-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071028-011624-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071028-011638-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071028-150742-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071028-150753-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071107-165843-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071107-165852-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071109-180205-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071109-180213-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071109-214044-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071109-214100-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-173051-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-173102-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071118-000025-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071118-000036-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-150724-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-150735-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071120-141125-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071120-141144-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-115449-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-115500-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-171908-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-172106-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071122-183706-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071122-183724-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-003422-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-003433-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-151133-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-151206-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-164426-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-164440-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-173354-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-173404-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-131104-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-131114-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-225216-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-225240-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071209-002808-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071209-002817-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071212-180112-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071212-180122-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-011325-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-011411-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071220-221312-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071220-221322-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071221-115245-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071221-115255-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-204358-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-204406-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-213724-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-213735-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071226-141230-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071226-141241-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-225509-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-225519-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-173655-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-173709-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-203353-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-203414-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-144141-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-144150-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080120-114534-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080120-114626-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-144802-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-144814-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-160605-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-160703-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-175340-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-175354-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-123417-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-123427-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_37LuJn9fXG6IG5E Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_6B5Vyq2xm8UqHwj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_6WQCF1F1BEtOjYa Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_A0YMt73nXLDZmAp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_AjE7twesI92AR7F Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_cRUYREDGUaxOMmc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_Cw6152j2EHj7WHt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_duzx7ExGqefurfq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_eBjjXwuCB7E3xQs Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_EThhKmRVeoN7fNw Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_fLYf2GhvCsQiBt7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_FZWXNxk1ybxHxPu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_gdPvDzZJYtfF5g8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_gvdbgWQnjehP4ra Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_idMtPbS7g70vCrP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_kfEhGhBnmsAVzxT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_kvHJHl7qNvKWSKX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_l6nHDUMdL2vrJNp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_Lg1vW3719xx6y5h Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_lOHPwy0D3Stjcgr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_lvMiCUgqfOsvs25 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_NAT6l5fPhDFXf2e Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_OEYk544hL1MySVV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_ogO24wCiODcDb7p Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_OrVzNG6PSKM2J0n Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_OurUQ1Z36CvKhx8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_q8wyVgYqM3h9aHI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_rfDd1opg5p84Va9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_SlQ5YcRjWLsLYcC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_sOMRDgv5Mv6pNEn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_tw4v0hBDg0KmltY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_XXu6Rr7yeMwuz78 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_YRfHp3yJineGeOe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_zU6UxsUbS5lxqr7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_ZwiGmiHsmGMWJeF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_08IdZF0ETCM1bfl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_1psaCrkVCSaH1xB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_2eoT1JP1p4h1YxM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_4MvYhtOSfnsFAEC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_808DFaqdJUqOBSW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_8m4ACldZ4H81xt4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_8rTIjbWGmdUhW65 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_9uRGRYxGJAJU5Of Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_bc00IcU2CFtjr0L Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_BkzE8p4ekzeTTHW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_boAAvywP9JdUfQV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_BVIyzsd7AWZfKq8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_dOmLKOZke4dnbYg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_EiIGshENC9f6afs Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_eNtQcM2iA8XbOx8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_eTvBQ5ke5kjgAE9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_EUecwV3kFn5PrvA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_FlyiLNXqln75o6w Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_FlYNYehjywkRFt4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_FwUnrU1pzmaIjzq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_G3LdZswIcYWRFFZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_hagZLF9aWQpMQ0G Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_HidskNLGYwJJoGn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Hmg6q1pQq9SkeY5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_jjUv0RXx8gzA3qF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Jx1p6fDhMCnCOpK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_k1vuC1nn5K4yn2Y Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_KugNseqdf6aa0pe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_l5DDa9hoMk2hNKd Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_MGTL0THNYpUwhx0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_MHENIjT0AXz8b7J Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_o0az16Jp2oYMPmx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_O2XUsE78POnaafX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ol9ha0zayutwzEy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_RGea62jbYAmZE7W Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Rh98mOj6Ebjj26w Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_rpgppMRgMLdwiRL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_rVb16RNmeevSwM4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_sMgcQvwhIpWTyeO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Tc3zH8Lt15JhZX1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_v8hnGxKXfTHbUm2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_V93XiZR3ffHm88o Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_vE6eTvwKYHAtZp2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_VoDw3eoszN6LETx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_VrBNbGNaa9YSkw5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_wbtqnNIKuWFRNGl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_wqqIiMGdPPQBMFr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_WViNA4uiku6IRSn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Z9uyBEWQBWcmNJ0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ZBWpevdQEXTVgmg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_zy59LtyQf6TTSic Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\ppcrlui_5040_2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0drRQEATbg7SH0i Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0Fj6j5A16lctvYM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0ftwvgtzNN6HF7W Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0FYAoU96xNC8udm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0ktIizX2I6DQlo1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0ox1tkxbkqffbxn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0XevCvxa8etcgqx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1Cljdx4cbVmQZjL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1LxnStbLTOqEh2Z Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1MNIVvJ4zC7sNcn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1Opblbgwc9GY4wh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1TW80cJNG7FwvMN Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1WACkAJiz8Egnez Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_22fXNzAqHUO13AK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_2BedOpotgN1z2qX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_2cb9aqXiFfdZezV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_2Q2dCZdC9aTSxkS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_2VsIKWzficcdcmj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_35qyQgHTlK9pUe8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3CAUYK32ledIP7n Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3HI7wG0jnbcWGU0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3pZKjnE9yO68OtT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3qvlWY3VwB0zJxW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3qyOOQso3b5rtXM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3RGQzedzWhM9Az6 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3t199mcbPQlUwHu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3VO9ibH54FhOW76 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4GbmVCIZpSloc3R Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4Hdv0YPap0wepda Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4j0c8epOKAdEezf Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4KI6V2tA87huqha Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4mFgNYwZAXydbXe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4Yc1C0aVNKZEcFY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_54sVXkLzZnqW2Bt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5APXhuoVgvGrCQW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5cowswowoKlmNVn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5Hk16ff0f4zEbIe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5I6znNvW0BthcGK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5S9sSAOMUbcQ2Th Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5srViInq025cn4L Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5uHt4dd3DWeX82q Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5XAbWCc1KlKNFz7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_62Zn1q5QXT2IBBb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_68VMSNqaMiv6RD1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6eWZ7OcDWyO89Xv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6l17esBha4Cd9GJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6qRjBtzpKa08p6P Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6uisGrmbkT6WRVQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_78DDmEB3ciYWX7i Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7a5xiKI7BcWSyjv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7aolbfjJDj830Cc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7dMNYwwrOXr6Hzy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7TpHf1yXSFQhfJY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7XOk5XYkvjNEEsW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7YpX94X1QOe6h0s Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_80xRvhyfqLYF6wc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_88pzxT84Gvp3ijD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8ajwg68XxrKa6x0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8ENQZvTwA9lvI4h Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8JzomsZDB2Olgfo Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8nS8thZszLY77cJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8y4pD6Xz2TuZUZa Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8yR49Ta1UrboShB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9bnXTGG7PbePB1F Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9g75RftOj1sHg7f Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9Q6HN9e7esiggnk Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9RU4TbePjcS1l9g Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9tml0VEgs4cGRgk Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9ZFiowWgouy7Zaq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9zhm5EKNjskqdVa Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_A2p4blTk4amAayk Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_a2WafZ8dhNxUPpL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_A59eVThXuoFb3ng Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_A6I5GyZIeuG9knb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_acpTwYtzfIfpmTr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ADswXBRXxPbNjLZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_aFc09DoqRlvuCWO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AhOZCTOZaIwLKwD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AKdwL47rQ3FHhyz Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AonzqAL18lFVTOZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_aOQ8x2C36EIRyNu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_aPxwCewWSLs6jHY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ar6QsG8cxvt0hcg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_asvjGefXqEh9toR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ATPkIWHIdBabQcX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AV9XhRPVXFfrKUz Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_awEmxgh9wRUeyr8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_aXgfgD7BuQKaqE2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AyxbG8sAxt858fH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_b1M9oWtxIOwF2j0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_B5c46SqHG5qm8ii Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_b61bCo9IKSLVyfL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Bce64Ec0i75bObP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bd9Ryqdh3qGA6gQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bdFUwQ5eMlZ4l2n Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BevGF9pmETFHs3b Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bgeQrBz2NwSaTLa Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bGf0sDl9i73NmL9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BGp5ByW3qIy4cqE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bj1bJQLOluneome Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Bk3PNEtKcCeeyIc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Bt8Hfv5HmYSfIsK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BTLzSwR4A66NQoD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BvPjsZ7jsx122jE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BXheRJxhshGrHtl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_C2t6kpuK0y1wg6E Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_c9RwrCCrgJcUyTM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CAqyCG8PUjnsf0u Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CAuVMceqKBnQQcE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cbjVlYI9mIWYEaT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CBOE2kBZV0HHtpt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cCWsmIePsgvzHL3 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cDAVjqdp9CWkx8d Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cdJC5T7dp8Rqygu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cEPlcqEohuNWoiN Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CGWhf1lAsrhpV10 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cLcRbvxlvjUkGZm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cusxEDcfUOCdFha Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cXb5YYgMMa1EMJr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cYzKGjqUAWdV5TM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_D7UCHc0qmbxsfYC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DBX1FgxmphbJCfd Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_dctWorGcoMjBkwt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_dgW8WDgZdNwTQiQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DL2xdEgiPxJUhgj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_dlldVRbdDUCWHGn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_dN1LO9BUlItvm8C Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DozVUXrkutX9MDg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DQBf1T8Nd9feQME Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_drl1OeAGtntjZQJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_dtNG1zb5Z5iGHpl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_dxE9WCSEWIpBmQf Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EabOyfqLz2JxcKV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EBql4OMXvhMw7J9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EEl1jT4dg7zugS5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eESjPPsSEtdcCVd Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Eh8QKyKFND1Ne9d Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ekvT5boMN2LyPcf Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eMvIthtybrCBdOc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EW7P2mHdhswkpxy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_f05yfgHd36zdvEc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_F7nawdba2VHcfHu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_fAkSv2QPELl7BGo Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FCImC2VNImAm2Uq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FE462xzcXmCCkw4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FhnN25rxWeVEkxH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FJlPywgIQaRAtn4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_foQUxgyHIOGKBL4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_fqCELSh59jSgRBr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FqnkJxd0IDYaeIF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_fRkoaYuEuHoj3sa Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_fttJOOCc6f1C6va Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_fvpysffWdjote5U Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_g1xBSsGmOb3esm7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_g52sB3jTpJ5r8wf Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_G7axO9i9IthPhfM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_GcR21mewliUY51T Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gfNmnBxqgdCvHmx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gindgfEbViwuhC9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gj41dMZRlx4GCvC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Go21DbRadPg4vck Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gRjEXjuuXZvfNVi Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gSQrTXm72puMdJb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_GSVipGcj3br7ACH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gxiS2IYgRg68eXD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gXwdAB7wr61yxU7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_H8jUukvvqVYwayD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Hak2oJHPEwaqdkt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_haynLf5bg6CR83J Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hbfcuz6JOwqtHDp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HBZCHfEAYQMadh9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hcxg3ngygnIs4wi Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HdVXebsLAJW3Poh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HeivX7dheIHIOwN Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Hf1tDklq6QoBaBm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HgIH9JtbzrK8JYl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hGPMP9wyDBsR2sb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HNSGzo17w6bWsVC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hNYCeFEAX0hfYdR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hSaoZ0H3ZQfuYlh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HsGC63FUSr5Y4J2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hvApUpz0ngKHEUd Object is locked skipped
C:\Deckard&#

[Rorschach112]

Can you attach that report as some of it is missing

[Mercuryrose88]

Oops, sorry here is what it gave me! ^_^  kaspersky_report_2.txt   171KB   673 downloads

Edited by Mercuryrose88, 30 January 2008 - 05:30 PM.

[Rorschach112]

Hello

Delete this folder in bold

C:\Users\Mercuryrose88\AppData\Local\VirtualStore\Windows\Image2008.zip


Then delete ComboFix.exe and the folder C:\qoobox then do this


Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall