cannot remove vundo or nebuler [CLOSED]



#1
12gauge

Hi, when I run a scan with Norton Internet Security, its results tell me I have 3 problems it cannot cure (1 result for VUNDO and 2 results for NEBULER). I have tried VundoFix, Spyware Doctor 5.5, and SpyEraser 2, but they all tell me that Vundo and Nebuler are not found, but Norton still does. Any help please?




#2
Essexboy

Hi there, before I can help I will need to know what it is that you have. To that end:

Download & Run HijackThis.exe

  • Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

#3
12gauge

THANKS, THE LOG IS AS FOLLOWS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:18:11, on 12/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8062 bytes

#4
Essexboy

Nothing visible there, so let's look a bit deeper.

As you are a Vista user, I will require that all the programmes I ask you to run be run by right-clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#5
12gauge

As instructed, and thanks a lot for such fast replies. My PC seems to be slowing down a bit more every time I go online.


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Celeron® D CPU 3.33GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 445.88 MiB / 153.51 MiB
Pagefile Memory (total/avail): 1436.41 MiB / 790.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1885.13 MiB

C: is Fixed (NTFS) - 143.68 GiB total, 118.63 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
R: is Fixed (NTFS) - 5.37 GiB total, 2.26 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD1600BB-22RDA0 ATA Device - 149.05 GiB - 2 partitions
\PARTITION0 - Installable File System - 5.37 GiB - R:
\PARTITION1 (bootable) - Installable File System - 143.68 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Spyware Doctor v5.5.0.204 (PC Tools) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\john\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOHN-PC
ComSpec=C:\Windows\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\john
LOCALAPPDATA=C:\Users\john\AppData\Local
LOGONSERVER=\\JOHN-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\john\AppData\Local\Temp
TMP=C:\Users\john\AppData\Local\Temp
USERDOMAIN=john-PC
USERNAME=john
USERPROFILE=C:\Users\john
windir=C:\Windows
__COMPAT_LAYER=RunAsAdmin


-- User Profiles ---------------------------------------------------------------

john


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Amazing Photo Editor V7.1 --> C:\PROGRA~1\AMAZIN~1\UNWISE.EXE C:\PROGRA~1\AMAZIN~1\INSTALL.LOG
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ConvertXtoDVD 2.99.13.900 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
Cucusoft Ultimate DVD + Video Converter Suite 7.8.7.6 --> "C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
Date Cracker 2000 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Date Cracker 2000\ST6UNST.LOG"
Date Cracker 2000 (C:\Program Files\Date Cracker 2000\) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Date Cracker 2000\ST6UNST.000"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
K-Lite Mega Codec Pack 3.7.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec --> "C:\Windows\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU73BD.inf
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Ultra Edition --> MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Radio Decoder --> C:\Windows\iun6002.exe "C:\Program Files\Radio Decoder\irunin.ini"
Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Samsung Media Studio --> C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson PC Suite --> C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
VIA Display Vista Driver 7.14.10.0055 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u -log UChromeP.uns
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO Image Resizer 1.3.4d --> "C:\Program Files\VSO\Image Resizer\unins000.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7171 / Error
Event Submitted/Written: 03/12/2008 09:11:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program msnmsgr.exe version 8.5.1302.1018 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1594
Start Time: 01c8845f3c20c800
Termination Time: 839

Event Record #/Type7170 / Error
Event Submitted/Written: 03/12/2008 09:11:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16609 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 176c
Start Time: 01c8844f8756c280
Termination Time: 2263

Event Record #/Type7168 / Error
Event Submitted/Written: 03/12/2008 09:11:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16609 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f48
Start Time: 01c88451d4de9710
Termination Time: 2324

Event Record #/Type7139 / Error
Event Submitted/Written: 03/12/2008 02:43:59 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program msnmsgr.exe version 8.5.1302.1018 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b8c
Start Time: 01c8842d9a364a70
Termination Time: 111

Event Record #/Type7120 / Success
Event Submitted/Written: 03/12/2008 00:48:51 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20728 / Error
Event Submitted/Written: 03/12/2008 08:59:11 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 0011E3DFC072.

Event Record #/Type20727 / Warning
Event Submitted/Written: 03/12/2008 08:59:11 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0011E3DFC072. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type20721 / Error
Event Submitted/Written: 03/12/2008 08:58:35 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 78.137.135.212 for the Network Card with network address 0011E3DFC072 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type20720 / Warning
Event Submitted/Written: 03/12/2008 08:58:35 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0011E3DFC072. The following error occurred:
%%2163146757. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type20719 / Error
Event Submitted/Written: 03/12/2008 08:58:14 PM
Event ID/Source: 5002 / netrcacm
Event Description:
RCA USB Cable Modem : Has determined that the network adapter is not functioning properly.



-- End of Deckard's System Scanner: finished at 2008-03-12 21:24:54 ------------

Deckard's System Scanner v20071014.68
Run by john on 2008-03-12 21:09:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 446 MiB (1024 MiB recommended).


-- HijackThis (run as john.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:47, on 12/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Downloads\dss.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\john.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7825 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodata Limited License Service - "c:\program files\common files\autodata limited shared\service\adcdlicsvc.exe" <Not Verified; Autodata Limited; Autodata Limited License Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-10 20:04:42 544 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - john.job
2008-02-27 01:34:41 336 --a------ C:\Windows\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-02-12 and 2008-03-12 -----------------------------

2008-03-12 09:17:37 0 d-------- C:\Program Files\Trend Micro
2008-03-09 14:46:13 49152 --a------ C:\Windows\system32\ArmAccess.dll
2008-03-09 14:39:30 0 d-------- C:\Program Files\Spyware Doctor
2008-03-07 21:47:50 0 d-------- C:\Program Files\VideoLAN
2008-03-07 20:52:14 0 d-------- C:\Program Files\Real Alternative
2008-03-06 11:25:35 0 d-------- C:\usr
2008-03-06 11:07:30 0 d--h----- C:\Users\john\Zero G Registry
2008-03-06 11:07:30 0 d-------- C:\Users\john\Vivid WorkshopData ATI
2008-03-06 11:05:58 16 --a------ C:\Users\john\persistent_state
2008-03-06 10:46:06 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-06 10:39:29 716272 --a------ C:\Windows\system32\drivers\sptd.sys
2008-03-04 23:15:02 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-04 20:48:01 118784 --a------ C:\Windows\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-03-04 20:47:19 0 d-------- C:\Program Files\SystemGuards.com
2008-03-02 15:14:48 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-03-02 14:43:06 0 d-------- C:\VundoFix Backups
2008-03-02 01:50:34 0 d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-03-02 01:50:34 0 d-------- C:\ADCDA2
2008-03-02 01:50:22 0 d-------- C:\ADCDTEMP
2008-03-02 01:23:21 0 d-------- C:\Program Files\MagicISO
2008-03-01 23:10:13 0 d-------- C:\Program Files\Date Cracker 2000
2008-03-01 23:10:01 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-01 20:12:33 720896 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-01 20:12:31 0 d-------- C:\Program Files\Radio Decoder
2008-02-29 20:40:38 0 --a------ C:\ntuser.dat
2008-02-29 11:52:29 0 d--h----- C:\Windows\PIF
2008-02-29 11:29:00 0 d-------- C:\Program Files\Norton Internet Security
2008-02-27 00:55:49 0 d-------- C:\Program Files\Uniblue
2008-02-25 22:31:48 0 d-------- C:\Program Files\iPod
2008-02-25 22:31:29 0 d-------- C:\Program Files\iTunes
2008-02-25 22:26:51 0 d-------- C:\Program Files\Common Files\Apple
2008-02-25 00:18:50 164352 --a------ C:\Windows\system32\unrar.dll
2008-02-25 00:18:20 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-02-25 00:18:12 755027 --a------ C:\Windows\system32\xvidcore.dll
2008-02-25 00:18:11 159839 --a------ C:\Windows\system32\xvidvfw.dll
2008-02-25 00:18:06 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-25 00:18:05 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-25 00:17:54 682496 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-25 00:17:31 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-02-25 00:16:53 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-24 23:31:34 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-02-24 23:31:34 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-02-24 23:31:33 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-02-24 23:31:33 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-02-24 20:35:43 0 d-------- C:\Program Files\WinAVI Video Converter
2008-02-24 20:33:19 0 d-------- C:\ConverterOutput
2008-02-24 20:30:22 0 d-------- C:\Program Files\[bleep] NFO Viewer
2008-02-24 12:37:55 34820 --a------ C:\Windows\system32\ffdshow.reg
2008-02-24 12:37:54 262144 --a------ C:\Windows\system32\TomsMoComp_ff.dll
2008-02-24 12:37:54 395776 --a------ C:\Windows\system32\libmplayer.dll
2008-02-24 12:37:54 112640 --a------ C:\Windows\system32\libmpeg2_ff.dll
2008-02-24 12:37:54 2255360 --a------ C:\Windows\system32\libavcodec.dll
2008-02-24 12:37:51 348160 --a------ C:\Windows\system32\cdga.dll <Not Verified; ; Cucusoft Audio Transparent Filter>
2008-02-24 12:37:51 364544 --a------ C:\Windows\system32\cdg.dll <Not Verified; Cucusoft Inc.; Cucusoft>
2008-02-24 12:37:51 14909 --a------ C:\Windows\system32\A_reg.reg
2008-02-24 12:37:48 0 d-------- C:\Program Files\Cucusoft
2008-02-22 22:38:24 0 d-------- C:\Users\john\{d875455c-2246-4a63-9d5d-5b18d663d688}
2008-02-22 17:54:36 0 d-------- C:\Program Files\Nvu
2008-02-19 19:36:07 102400 --a------ C:\Windows\system32\ProgHelp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-02-19 19:36:06 44440 --a------ C:\Windows\system32\MtpAccess.dll
2008-02-19 13:45:58 0 d-------- C:\Program Files\MSXML 4.0
2008-02-18 00:00:14 0 d-------- C:\Users\john\{f289f2bc-785e-4653-a0f4-637880836a19}
2008-02-17 23:35:58 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-17 23:35:53 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-17 23:35:49 0 d-------- C:\Program Files\Sony Ericsson
2008-02-17 23:35:22 0 d-------- C:\Windows\Downloaded Installations
2008-02-17 20:50:32 0 d-------- C:\Program Files\Nero
2008-02-17 20:50:31 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-17 15:57:40 0 d-------- C:\Windows\pss
2008-02-17 11:44:11 0 d-------- C:\Program Files\Apple Software Update
2008-02-17 11:38:15 0 d-------- C:\Program Files\QuickTime
2008-02-16 20:59:40 110592 --a------ C:\Windows\system32\TG_DUMP0708.DLL <Not Verified; ENJsoft Corporation; SelfMusicVideo>
2008-02-16 20:51:53 299008 --a------ C:\Windows\system32\LAME_MP3.dll
2008-02-16 20:51:51 0 d-------- C:\Program Files\Lame MP3 Codec
2008-02-16 20:51:43 65024 --a------ C:\Windows\IFinst26.exe
2008-02-16 20:48:42 57344 --a------ C:\Windows\system32\MTXSYNCICON.dll <Not Verified; Marktek Inc.; MTXSYNCICON Module>
2008-02-16 20:48:42 155648 --a------ C:\Windows\system32\MSFLib.dll <Not Verified; Teruten Inc.; MSFLib>
2008-02-16 20:48:42 245760 --a------ C:\Windows\system32\MSCLib.dll <Not Verified; Teruten Inc.; MSCLib>
2008-02-16 20:48:40 40960 --a------ C:\Windows\system32\MTTELECHIP.dll <Not Verified; Telechips Inc.,; TCC730 USB>
2008-02-16 20:48:39 364544 --a------ C:\Windows\system32\MASetupWizard.dll <Not Verified; (?)????; MASetupWizard Module>
2008-02-16 20:48:39 24576 --a------ C:\Windows\system32\MASetupCleaner.exe <Not Verified; (?)????; MASetupCleaner ?? ????>
2008-02-16 20:48:38 45056 --a------ C:\Windows\system32\MaXMLProto.dll <Not Verified; (?) ????; XML ?? ???? ?????>
2008-02-16 20:48:38 106609 --a------ C:\Windows\system32\MaJUtilLib.dll <Not Verified; (?) ????, ??? ???; MaJUtilLib ?? ?? ?????>
2008-02-16 20:48:38 49152 --a------ C:\Windows\system32\MaJGUILib.dll <Not Verified; (?) ????; MaJGUILib ?? ?? ?????>
2008-02-16 20:48:37 57344 --a------ C:\Windows\system32\MK_Lyric.dll <Not Verified; Marktek; Marktek MK_Lyric>
2008-02-16 20:48:37 45056 --a------ C:\Windows\system32\MACXMLProto.dll <Not Verified; (?) ????; ????? ???? ?????>
2008-02-16 20:48:32 40960 --a------ C:\Windows\system32\MAMACExtract.dll <Not Verified; ???????; ??????? MAMACExtract>
2008-02-16 20:48:32 0 d-------- C:\Program Files\MarkAny
2008-02-16 20:48:18 118784 --a------ C:\Windows\system32\MaDRM.dll <Not Verified; (?)????; MaDRM ?? ?? ????? with PKI>
2008-02-16 20:48:12 921600 --a------ C:\Windows\system32\vorbisenc.dll
2008-02-16 20:48:12 188416 --a------ C:\Windows\system32\vorbis.dll
2008-02-16 20:48:12 110592 --a------ C:\Windows\system32\tg_dump.dll <Not Verified; ENJsoft Corporation; SelfMusicVideo Filter>
2008-02-16 20:48:12 200704 --a------ C:\Windows\system32\muzwmts.dll <Not Verified; © MusicCity; P3WMTSplitter Filter>
2008-02-16 20:48:12 0 d-------- C:\Program Files\Samsung
2008-02-16 20:48:11 237568 --a------ C:\Windows\system32\OggDS.dll <Not Verified; ; Ogg DirectShow™ Filter Collection>
2008-02-16 20:48:11 45056 --a------ C:\Windows\system32\Ogg.dll
2008-02-16 20:48:11 163840 --a------ C:\Windows\system32\muzapp.exe <Not Verified; Musiccity Co.Ltd.; MUZAoDApp Module>
2008-02-16 20:48:11 471040 --a------ C:\Windows\system32\muzapp.dll <Not Verified; Musiccity Co.Ltd.; MUZAoDAppCtrl Module>
2008-02-16 20:48:11 135168 --a------ C:\Windows\system32\muzaf1.dll <Not Verified; Musiccity Co.Ltd.; muzaf1>
2008-02-16 16:29:35 0 d-------- C:\Program Files\PeerGuardian2
2008-02-16 12:45:27 0 d-------- C:\Program Files\DivX
2008-02-15 17:58:37 0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-15 00:11:56 0 d-------- C:\Downloads
2008-02-14 22:40:31 0 d-------- C:\Program Files\FlashGet
2008-02-14 22:38:58 0 d-------- C:\Program Files\Azureus
2008-02-12 21:30:59 0 d-------- C:\Program Files\Common Files\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-03-12 17:22:48 0 d-------- C:\Users\john\AppData\Roaming\EPSON
2008-03-11 23:42:40 12 --a------ C:\Windows\bthservsdp.dat
2008-03-11 19:44:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-11 19:04:46 0 d-------- C:\Program Files\Windows Mail
2008-03-09 14:39:30 0 d-------- C:\Users\john\AppData\Roaming\PC Tools
2008-03-08 07:56:06 0 d-------- C:\Users\john\AppData\Roaming\vlc
2008-03-07 20:52:14 0 d-------- C:\Users\john\AppData\Roaming\Real
2008-03-06 10:38:19 0 d-------- C:\Users\john\AppData\Roaming\DAEMON Tools
2008-03-05 21:40:33 0 d-------- C:\Users\john\AppData\Roaming\Adobe
2008-03-04 23:15:02 0 d-------- C:\Program Files\Common Files
2008-03-04 19:25:18 0 d-------- C:\Users\john\AppData\Roaming\Vso
2008-02-29 12:12:30 0 d-------- C:\Program Files\Symantec
2008-02-27 01:30:15 0 d-------- C:\Users\john\AppData\Roaming\Uniblue
2008-02-25 22:32:52 0 d-------- C:\Users\john\AppData\Roaming\Apple Computer
2008-02-24 23:55:24 0 d-------- C:\Users\john\AppData\Roaming\Media Player Classic
2008-02-24 23:41:42 668 --a------ C:\Users\john\AppData\Roaming\vso_ts_preview.xml
2008-02-24 23:34:29 34 --a------ C:\Users\john\AppData\Roaming\pcouffin.log
2008-02-24 23:31:54 7887 --a------ C:\Users\john\AppData\Roaming\pcouffin.cat
2008-02-24 23:31:35 0 d-------- C:\Program Files\VSO
2008-02-22 17:55:50 0 d-------- C:\Users\john\AppData\Roaming\Nvu
2008-02-22 17:55:40 0 d-------- C:\Users\john\AppData\Roaming\Mozilla
2008-02-19 23:25:55 0 d-------- C:\Users\john\AppData\Roaming\CyberLink
2008-02-18 00:11:11 0 d-------- C:\Users\john\AppData\Roaming\Teleca
2008-02-17 23:36:49 0 d-------- C:\Users\john\AppData\Roaming\Sony Ericsson
2008-02-17 22:14:28 0 d-------- C:\Users\john\AppData\Roaming\Ahead
2008-02-16 21:01:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 20:22:06 0 d-------- C:\Users\john\AppData\Roaming\InstallShield
2008-02-15 20:28:58 0 d-------- C:\Users\john\AppData\Roaming\Azureus
2008-02-15 00:20:44 0 d-------- C:\Users\john\AppData\Roaming\WinRAR
2008-02-14 22:48:17 0 d-------- C:\Users\john\AppData\Roaming\FlashGet
2008-02-11 22:29:56 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-11 22:19:21 0 d-------- C:\Program Files\epson
2008-02-11 21:57:54 0 d-------- C:\Program Files\Amazing Photo Editor
2008-02-10 12:24:20 0 d-------- C:\Users\john\AppData\Roaming\Macromedia
2008-02-10 01:55:49 0 d-------- C:\Users\john\AppData\Roaming\Google
2008-02-10 01:51:56 0 d-------- C:\Program Files\Google
2008-02-10 01:44:52 0 d-------- C:\Program Files\Windows Live
2008-02-10 01:27:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-10 00:25:20 174 --ahs---- C:\Program Files\desktop.ini
2008-02-10 00:18:10 0 d-------- C:\Program Files\Windows Calendar
2008-02-10 00:18:05 0 d-------- C:\Program Files\Windows Defender
2008-02-10 00:18:00 0 d-------- C:\Program Files\Windows Sidebar
2008-02-09 21:54:02 0 d-------- C:\Users\john\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/02/2008 23:59]
"RtHDVCpl"="RtHDVCpl.exe" [01/11/2006 16:37 C:\Windows\RtHDVCpl.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 08:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/02/2008 01:52]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:34]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\john\AppData\Local\Temp\E_S7AFD.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Program Files\FlashGet\FlashGet.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
S3trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-12 21:24:54 ------------

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

RCA USB Cable Modem : Has determined that the network adapter is not functioning properly.

That was all that I could see.

So I will run a scan first, then see what we get from there.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.

-----------------------------------------------------------

  • Double-click on combofix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

#7
12gauge

    New Member

  • Topic Starter
  • Member
  • 5 posts
ComboFix 08-03-10.1 - john 2008-03-12 22:04:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.102 [GMT 0:00]
Running from: C:\Users\john\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\john\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.

2008-03-12 21:08 . 2008-03-12 21:08 <DIR> d-------- C:\Deckard
2008-03-12 17:22 . 2008-03-12 17:22 <DIR> d-------- C:\Users\john\AppData\Roaming\EPSON
2008-03-12 09:17 . 2008-03-12 09:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 18:35 . 2007-12-16 22:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-11 18:35 . 2007-12-16 09:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-09 14:46 . 2008-02-27 16:52 49,152 --a------ C:\Windows\System32\ArmAccess.dll
2008-03-09 14:39 . 2008-03-09 14:39 <DIR> d-------- C:\Users\john\AppData\Roaming\PC Tools
2008-03-09 14:39 . 2008-03-10 23:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-09 14:39 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-03-09 14:39 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-03-09 14:39 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-03-09 14:39 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-03-09 13:17 . 2008-03-11 18:32 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-09 01:37 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-03-09 01:37 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-03-09 01:37 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-03-08 07:56 . 2008-03-08 07:56 <DIR> d-------- C:\Users\john\AppData\Roaming\vlc
2008-03-07 21:47 . 2008-03-07 21:47 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-07 20:52 . 2008-03-07 20:52 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-03-06 11:25 . 2008-03-06 11:25 <DIR> d-------- C:\usr
2008-03-06 11:07 . 2008-03-06 11:25 <DIR> d--h----- C:\Users\john\Zero G Registry
2008-03-06 11:07 . 2008-03-06 11:41 <DIR> d-------- C:\Users\john\Vivid WorkshopData ATI
2008-03-06 10:46 . 2008-03-06 10:47 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-06 10:39 . 2008-03-06 10:39 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-03-06 10:38 . 2008-03-06 10:38 <DIR> d-------- C:\Users\john\AppData\Roaming\DAEMON Tools
2008-03-04 23:20 . 2008-03-04 23:20 <DIR> d-------- C:\ProgramData\FLEXnet
2008-03-04 23:15 . 2008-03-04 23:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-04 23:05 . 2008-03-04 23:02 118,520 --------- C:\Windows\System32\pxinsi64.exe
2008-03-04 23:05 . 2008-03-04 23:02 116,472 --------- C:\Windows\System32\pxcpyi64.exe
2008-03-04 23:05 . 2008-03-04 23:02 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys
2008-03-04 23:04 . 2008-03-04 23:02 129,784 --------- C:\Windows\System32\pxafs.dll
2008-03-04 23:01 . 2008-03-04 23:01 209 --a------ C:\Windows\ODBCINST.INI
2008-03-04 20:50 . 2000-05-22 05:00 647,872 --a------ C:\Windows\System32\MSCOMCT2.OCX
2008-03-04 20:50 . 2004-02-05 20:53 389,120 --a------ C:\Windows\System32\actskn43.ocx
2008-03-04 20:50 . 2004-01-08 01:43 253,952 --a------ C:\Windows\System32\histogram.ocx
2008-03-04 20:50 . 2004-01-09 10:54 188,416 --a------ C:\Windows\System32\actsplash.ocx
2008-03-04 20:48 . 2002-03-04 12:27 1,140,472 --a------ C:\Windows\System32\IGUltraGrid20.ocx
2008-03-04 20:48 . 2003-11-19 13:59 512,688 --a------ C:\Windows\System32\XceedCry.dll
2008-03-04 20:48 . 2004-03-08 23:00 131,856 --a------ C:\Windows\System32\MSADODC.ocx
2008-03-04 20:48 . 2000-07-14 23:00 118,784 --a------ C:\Windows\System32\msstdfmt.dll
2008-03-04 20:47 . 2008-03-04 20:47 <DIR> d-------- C:\Program Files\SystemGuards.com
2008-03-04 20:47 . 2005-08-27 02:38 1,435,272 --a------ C:\Windows\System32\Flash.ocx
2008-03-04 20:47 . 1999-01-26 19:36 11,012 --a------ C:\Windows\System32\threadapi.tlb
2008-03-02 15:14 . 2008-03-02 15:14 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-03-02 14:43 . 2008-03-02 15:29 <DIR> d-------- C:\VundoFix Backups
2008-03-02 02:18 . 2008-03-02 02:18 2,581 -r-hs---- C:\Windows\PCGWIN32.LI5
2008-03-02 02:04 . 2008-03-02 02:04 528 -r-hs---- C:\Windows\PCGWIN32.LI4
2008-03-02 01:55 . 2008-03-02 01:55 <DIR> d-------- C:\ProgramData\Autodata Limited
2008-03-02 01:50 . 2008-03-02 01:50 <DIR> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-03-02 01:50 . 2008-03-02 01:50 <DIR> d-------- C:\ADCDTEMP
2008-03-02 01:23 . 2008-03-02 01:23 <DIR> d-------- C:\Program Files\MagicISO
2008-03-01 23:10 . 2008-03-03 20:02 <DIR> d-------- C:\Program Files\Date Cracker 2000
2008-03-01 23:10 . 2008-03-03 20:02 249,856 --------- C:\Windows\Setup1.exe
2008-03-01 23:10 . 2008-03-03 20:02 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-03-01 20:12 . 2008-03-01 20:12 <DIR> d-------- C:\Program Files\Radio Decoder
2008-03-01 20:12 . 2008-03-01 20:12 720,896 --a------ C:\Windows\iun6002.exe
2008-02-29 20:40 . 2008-03-02 18:01 0 --ah----- C:\ntuser.dat.LOG2
2008-02-29 20:40 . 2008-03-02 18:01 0 --ah----- C:\ntuser.dat.LOG1
2008-02-29 20:40 . 2008-02-29 20:40 0 --a------ C:\ntuser.dat
2008-02-29 11:52 . 2008-02-29 11:52 <DIR> d--h----- C:\Windows\PIF
2008-02-29 11:48 . 2008-02-29 12:23 16 --a------ C:\Windows\System32\coh.cache
2008-02-29 11:29 . 2008-03-11 19:44 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-02-29 11:27 . 2008-02-29 12:12 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-02-29 11:27 . 2008-02-29 12:12 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-02-29 11:27 . 2008-02-29 12:12 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-02-29 09:57 . 2008-02-29 09:57 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-02-27 01:16 . 2008-02-27 01:16 <DIR> d-------- C:\ProgramData\Uniblue
2008-02-27 00:57 . 2008-02-27 01:30 <DIR> d-------- C:\Users\john\AppData\Roaming\Uniblue
2008-02-27 00:55 . 2008-02-27 01:14 <DIR> d-------- C:\Program Files\Uniblue
2008-02-25 22:32 . 2008-02-25 22:32 <DIR> d-------- C:\Users\john\AppData\Roaming\Apple Computer
2008-02-25 22:31 . 2008-02-25 22:32 <DIR> d-------- C:\Program Files\iTunes
2008-02-25 22:31 . 2008-02-25 22:31 <DIR> d-------- C:\Program Files\iPod
2008-02-25 22:26 . 2008-02-25 22:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-25 00:18 . 2007-11-29 23:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-02-25 00:18 . 2008-01-10 13:15 755,027 --a------ C:\Windows\System32\xvidcore.dll
2008-02-25 00:18 . 2004-01-25 17:18 217,088 --a------ C:\Windows\System32\yv12vfw.dll
2008-02-25 00:18 . 2007-09-04 17:56 164,352 --a------ C:\Windows\System32\unrar.dll
2008-02-25 00:18 . 2008-01-10 13:16 159,839 --a------ C:\Windows\System32\xvidvfw.dll
2008-02-25 00:18 . 2007-09-21 01:52 118,784 --a------ C:\Windows\System32\ac3acm.acm
2008-02-25 00:18 . 2007-11-29 23:28 81,920 --a------ C:\Windows\System32\dpl100.dll
2008-02-25 00:17 . 2007-12-04 02:33 682,496 --a------ C:\Windows\System32\divx.dll
2008-02-25 00:17 . 2007-12-24 13:49 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-02-25 00:17 . 2007-07-10 17:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-02-25 00:16 . 2008-02-25 00:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-24 23:55 . 2008-02-24 23:55 <DIR> d-------- C:\Users\john\AppData\Roaming\Media Player Classic
2008-02-24 23:31 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-02-24 23:31 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-02-24 23:31 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-02-24 23:31 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-02-24 23:31 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-02-24 23:31 . 2008-02-24 23:31 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-02-24 23:31 . 2008-02-24 23:31 47,360 --a------ C:\Users\john\AppData\Roaming\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 17:11 --------- d-----w C:\ProgramData\Symantec
2008-03-11 19:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-11 19:04 --------- d-----w C:\Program Files\Windows Mail
2008-03-04 19:25 --------- d-----w C:\Users\john\AppData\Roaming\Vso
2008-02-29 12:12 --------- d-----w C:\Program Files\Symantec
2008-02-24 23:31 --------- d-----w C:\Program Files\VSO
2008-02-20 20:37 --------- d-----w C:\ProgramData\CyberLink
2008-02-16 21:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 21:32 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 21:32 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 21:32 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 21:32 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 21:32 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 21:32 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 21:32 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 21:32 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 21:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 21:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 21:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 21:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 21:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-11 22:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-11 22:19 --------- d-----w C:\Program Files\epson
2008-02-11 22:14 --------- d-----w C:\ProgramData\EPSON
2008-02-11 21:57 --------- d-----w C:\Program Files\Amazing Photo Editor
2008-02-10 12:49 --------- d-----w C:\ProgramData\NCH Software
2008-02-10 01:51 --------- d-----w C:\Program Files\Google
2008-02-10 01:44 --------- d-----w C:\Program Files\Windows Live
2008-02-10 01:27 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-10 01:15 --------- d-----w C:\ProgramData\WLInstaller
2008-02-10 00:25 174 --sha-w C:\Program Files\desktop.ini
2008-02-10 00:18 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-10 00:18 --------- d-----w C:\Program Files\Windows Defender
2008-02-10 00:18 --------- d-----w C:\Program Files\Windows Calendar
2008-02-10 00:09 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-02-10 00:09 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-02-10 00:09 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-02-10 00:09 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-02-10 00:09 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-02-10 00:06 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-02-10 00:06 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-02-10 00:06 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-02-10 00:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-09 23:52 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-02-09 23:52 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-02-09 23:52 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-02-09 23:45 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-02-09 23:45 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-02-09 23:45 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-02-09 23:45 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-02-09 23:45 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-02-09 23:45 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-02-09 23:35 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-09 23:29 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-09 23:29 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-09 23:29 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-02-09 23:29 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-09 23:29 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-09 23:28 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-10 01:52 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:34 201728]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-09 23:59 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 16:37 3772416 C:\Windows\RtHDVCpl.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 08:59 115816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
--a------ 2007-04-12 06:00 182272 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-06-29 11:44 1990704 C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2007-06-02 15:59 1457152 C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-17 11:38 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
--a------ 2006-12-15 14:04 176128 C:\Windows\System32\s3trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-09-20 08:23 132624 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2008-02-11 12:42 9442584 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5D135735-361E-4A4B-A1C4-38B765A25DEF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{18960248-7FB0-49CA-8635-B3E5F7B801C0}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{E421898B-F691-4E4C-A9E5-CFBE4395EF56}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{E53B8C75-4F60-4C8D-A74A-5E404C91C573}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{95A8B543-C361-4B93-B1F4-7624D904030E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7873AD78-D29E-4E16-A4C7-6FD8492CA31E}C:\program files\flashget\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet|Desc=FlashGet
"UDP Query User{D12C76E9-58E4-4B7C-88A9-7725A336E04B}C:\program files\flashget\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet|Desc=FlashGet

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080312.001\IDSvix86.sys [2008-02-14 02:51]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 09:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 09:45]
R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-01-10 09:03]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 07:30]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 20:04:42 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - john.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-02-27 01:34:41 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 22:09:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-12 22:11:48
ComboFix-quarantined-files.txt 2008-03-12 22:11:43
.
2008-03-11 18:45:45 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:59, on 12/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7429 bytes

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Still nothing apparent - So I will go for a spring clean first and then try an online virus scan to see if that reveals anything


Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Download, install and run Tuneup Utilities 2008

Select Free up disk space


Select Unnecessary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor

THEN

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9
12gauge

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Friday, March 14, 2008 11:21:34 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/03/2008
Kaspersky Anti-Virus database records: 628516


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
R:\

Scan Statistics
Total number of scanned objects 89479
Number of viruses found 5
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 03:12:18

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped

C:\Boot\BCD.LOG Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile13.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile14.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile15.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile16.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile17.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile18.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\fwtsqmfile19.sqm Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\IDSinst.LOG Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-210750-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-210850-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-230452-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-230507-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-120228-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-120239-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-195831-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-195912-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-211137-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-211405-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-215950-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-220001-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-125051-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-125106-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-195404-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-195510-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-112415-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-112427-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-164810-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-164819-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-123557-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-123633-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-171156-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-171207-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-210027-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-210343-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-103418-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-103433-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-161527-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-161553-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-222109-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-222121-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-234814-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-235022-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080218-001813-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080218-001838-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080218-201838-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080218-202006-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080219-145532-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080219-145544-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080219-193453-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080219-193510-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080220-112700-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080220-112718-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080220-205103-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080220-205328-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-092152-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-092204-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080222-153707-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080222-153719-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080223-120022-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080223-120035-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080224-101103-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080224-101118-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080224-222033-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080224-222103-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-215614-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-215805-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-093908-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-093920-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-121157-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-121209-0.log Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080227-120811-0.log Object is locked skipped

C:\Program Files\DAEMON Tools Lite\SRSAI.exe Infected: not-a-virus:AdWare.Win32.Shopper.r skipped

C:\Program Files\FlashGet\crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Program Files\FlashGet\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped

C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar/crack.exe Infected: Trojan.Win32.Dialer.yz skipped

C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar RAR: infected - 2 skipped

Scan process completed.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, again that found little apart from several keygens and cracks - which we shall remove. Be advised that keygens and cracks will open a door into your system; there is no such thing as a free lunch :) Can you let me know the exact state of your system now? Is Norton still reporting those two elements? If so, what are the locations, i.e. C:\Windows\system32\badfile.dll


There are free Antiviruses and download managers so there is no need to pirate software.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\FlashGet\keygen.exe
    c:\Program Files\DAEMON Tools Lite\SRSAI.exe
    C:\Program Files\FlashGet\crack.exe 
    C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar/keygen.exe 
    C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar/crack.exe 
    C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Logs required : OTMoveit and a new Hijackthis log
  • 0
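A triage sketch for scan logs in the format posted above, added here as an example; it is not part of Essexboy's instructions or of any tool named in the thread. The names `triage`, `Detection` and `SAMPLE_LOG` are hypothetical, and the sample lines are copied from the log in this topic.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the scan log in this thread (two "locked" entries kept as
# representative noise); embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Program Files\DAEMON Tools Lite\SRSAI.exe Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\Program Files\FlashGet\crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\FlashGet\keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped
C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar/crack.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Users\john\Downloads\Downloads\Symantec_Norton_Internet_Security_2007.rar RAR: infected - 2 skipped
Scan process completed.
"""

# Paths contain spaces, so the status text at the end of the line is the
# anchor: "<path> <status> skipped".
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<kind>[A-Z0-9]+): infected - (?P<count>\d+)"
    r") skipped$"
)


@dataclass(frozen=True)
class Detection:
    disk_path: str          # file that actually exists on disk
    member: Optional[str]   # name inside an archive, or None
    verdict: str
    riskware: bool          # scanner's own "not-a-virus:" label


def triage(log_text):
    """Separate detections from locked-file noise and derive removal targets."""
    locked, detections, archive_totals, unparsed = 0, [], {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "Scan process completed.":
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)        # never silently drop unknown lines
        elif m["locked"]:
            locked += 1                  # file in use, not a finding
        elif m["verdict"]:
            # "archive.rar/member.exe": a Windows path has no "/", so the
            # part before it is the container on disk.
            disk, _, member = m["path"].partition("/")
            detections.append(Detection(
                disk, member or None, m["verdict"],
                m["verdict"].startswith("not-a-virus:")))
        else:
            archive_totals[m["path"]] = int(m["count"])

    # Files to quarantine: archive members collapse to their container,
    # compared case-insensitively as Windows paths are.
    targets, seen = [], set()
    for d in detections:
        if d.disk_path.lower() not in seen:
            seen.add(d.disk_path.lower())
            targets.append(d.disk_path)

    # Cross-check each archive summary against the member lines actually
    # present; a mismatch suggests a truncated or edited log.
    mismatches = []
    for archive, reported in archive_totals.items():
        found = sum(1 for d in detections
                    if d.member and d.disk_path.lower() == archive.lower())
        if found != reported:
            mismatches.append((archive, reported, found))

    return {"locked": locked, "detections": detections,
            "removal_targets": targets, "mismatches": mismatches,
            "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['locked']} locked files ignored")
    for d in result["detections"]:
        label = "riskware" if d.riskware else "malware"
        print(f"[{label}] {d.verdict}: {d.disk_path}"
              + (f" (inside archive: {d.member})" if d.member else ""))
    print("Files to move:", *result["removal_targets"], sep="\n  ")
```

The two detections inside the `.rar` resolve to a single file on disk, so the derived list has four entries rather than six.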

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





