Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IExplore [RESOLVED]

Started by gmcube , May 29 2008 03:04 PM

  • This topic is locked This topic is locked

#1
gmcube
Posted 29 May 2008 - 03:04 PM

gmcube

    Member

  • Member
  • PipPipPip
  • 176 posts
So yeah, I have this resource hogging process labled IExplore. and I get pop ups.

heres my hijack.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:55 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\HotKeyBind\HotKeyBind.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F608C2D0-846D-4F0E-E47A-88367C887707} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MbarInstall] C:\DOCUME~1\Robert\LOCALS~1\Temp\temD.tmp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HotKeyBind.exe] C:\Program Files\HotKeyBind\HotKeyBind.exe
O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKCU\..\Run: [Pollthis] C:\DOCUME~1\Robert\APPLIC~1\TESTIN~1\16firstitch.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE (User 'Default user')
O4 - Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {DCDD459D-4C53-4D86-A3CB-0988FBFF5469} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {F7F99157-5D50-4898-9A92-F817A5504524} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://drm.christianbook.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8336 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 02 June 2008 - 08:49 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#3
gmcube
Posted 02 June 2008 - 04:35 PM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 02, 2008 6:29:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/06/2008
Kaspersky Anti-Virus database records: 821972
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 97773
Number of viruses found: 6
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 02:20:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\cert8.db Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\key3.db Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\parent.lock Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\places.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\places.sqlite-stmtjrnl Object is locked skipped
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robert\Desktop\backups\backup-20080502-004641-761.dll Infected: not-a-virus:AdWare.Win32.Agent.bod skipped
C:\Documents and Settings\Robert\Desktop\backups\backup-20080518-234104-143.dll Infected: not-a-virus:AdWare.Win32.Agent.ahl skipped
C:\Documents and Settings\Robert\Desktop\Kyle's\Sony.Vegas.Movie.Studio.8.0b.build.126.Full__9Down.COM\Sony.Vegas.Movie.Studio.8.0b.build.126.Crack\Crack.exe Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Application Data\Mozilla\Firefox\Profiles\hvget9go.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DF2A7B.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temp\~DF6D4F.tmp Object is locked skipped
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robert\ntuser.dat.LOG Object is locked skipped
C:\Program Files\PlayMP3z\PlayMP3.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP108\change.log Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP26\A0008034.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP27\A0008121.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008428.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008429.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008430.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008431.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008432.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008433.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008434.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008435.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008436.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008437.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008438.dll Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP30\A0008439.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP45\A0009475.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP63\A0010698.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP63\A0010705.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP65\A0013152.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP65\A0013155.dll Infected: not-a-virus:AdWare.Win32.Agent.bod skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP65\A0013156.dll Infected: not-a-virus:AdWare.Win32.Agent.bod skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP65\A0013176.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP70\A0013469.exe/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP70\A0013469.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP70\A0013471.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP70\A0013473.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP71\A0013573.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP71\A0013574.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP73\A0013668.dll Infected: not-a-virus:AdWare.Win32.Agent.bod skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP76\A0013787.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP78\A0014482.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP90\A0017647.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP91\A0017737.dll Infected: not-a-virus:AdWare.Win32.Agent.ahl skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018252.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018253.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018254.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018255.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018256.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018257.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018258.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018259.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018260.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018261.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018262.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018263.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018264.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018265.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018266.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018267.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018268.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018269.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018270.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018271.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018272.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018273.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018274.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018275.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018276.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018277.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018278.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018279.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018280.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018281.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018282.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018283.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018284.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018285.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018286.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018287.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018288.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018289.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018290.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018291.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018292.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018293.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018294.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018295.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018296.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018297.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018298.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018299.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018300.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018301.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018302.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018303.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018304.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018305.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018306.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018307.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018308.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018309.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018310.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018311.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018312.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018313.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018314.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018315.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018316.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018317.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018318.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018319.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018320.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018321.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018322.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018323.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018324.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018325.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018326.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018327.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018328.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018329.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018330.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018331.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018332.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018333.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018334.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018335.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018336.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018337.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018338.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018339.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018340.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018341.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018342.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018343.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018344.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018345.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018346.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018347.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018348.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018349.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018350.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018351.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018352.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018353.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018354.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018355.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018356.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018357.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018358.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018359.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018360.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018361.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018362.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018363.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018364.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018365.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018366.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018367.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018368.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018369.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018370.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018371.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018372.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018373.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018374.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018375.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018376.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018377.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018378.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018379.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018380.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018381.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018382.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018383.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018384.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018385.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018386.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018387.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018388.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018389.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018390.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018391.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018392.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018393.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018394.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018395.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018396.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018397.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018398.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018399.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018400.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018401.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018402.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018403.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018404.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018405.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018406.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018407.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018408.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018409.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018410.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018411.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018412.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018413.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018414.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018415.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018416.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018417.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018418.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018419.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018420.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018421.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018422.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018423.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018424.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018425.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018426.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018427.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018428.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018429.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018430.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018431.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018432.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018433.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018434.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018435.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018436.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018437.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018438.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018439.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018440.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018441.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018442.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018443.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018444.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018445.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018446.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018447.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018448.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018449.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018450.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018451.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018452.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018453.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018454.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018455.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018456.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018457.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018458.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018459.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018460.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018461.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018462.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018463.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018464.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018465.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018466.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018467.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018468.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018469.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018470.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018471.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018472.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018473.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018474.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018475.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018476.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018477.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018478.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018479.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018480.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018481.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018482.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018483.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018484.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018485.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018486.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018487.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018488.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018489.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018490.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018491.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018492.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018493.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018494.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018495.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018496.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018497.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018498.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018499.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018500.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018501.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018502.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018503.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018504.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018505.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018506.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018507.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018508.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018509.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018510.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018511.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018512.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018513.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018514.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018515.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018516.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018517.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018518.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018519.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018520.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018521.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018522.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018523.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018524.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018525.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018526.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018527.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018528.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018529.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018530.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018531.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018532.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018533.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018534.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018535.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018536.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018537.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018538.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018539.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018540.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018541.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018542.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018543.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018544.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018545.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018546.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018547.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018548.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018549.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018550.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018551.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018552.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018553.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018554.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018555.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018556.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018557.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018558.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018559.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018560.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018561.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018562.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018563.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018564.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018565.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018566.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018567.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018568.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018569.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018570.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018571.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018572.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018573.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018574.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018575.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018576.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018577.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018578.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018579.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018580.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018581.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018582.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018583.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018584.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018585.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018586.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018587.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018588.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018589.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018590.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018591.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018592.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018593.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018594.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018595.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018596.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018597.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018598.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018599.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018600.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018601.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018602.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018603.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018604.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018605.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018606.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018607.exe Object is locked skipped
C:\System
  • 0

#4
gmcube
Posted 02 June 2008 - 04:37 PM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
continueing where I left off....



C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018608.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018609.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018610.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018611.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018612.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018613.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018614.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018615.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018616.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018617.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018618.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018619.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018620.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018621.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018622.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018623.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018624.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018625.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018626.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018627.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018628.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018629.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018630.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018631.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018632.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018633.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018634.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018635.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018636.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018637.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018638.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018639.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018640.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018641.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018642.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018643.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018644.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018645.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018646.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018647.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018648.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018649.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018650.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018651.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018652.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018653.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018654.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018655.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018656.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018657.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018658.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018659.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018660.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018661.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018662.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018663.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018664.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018665.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018666.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018667.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018668.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018669.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018670.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018671.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018672.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018673.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018674.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018675.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018676.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018677.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018678.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018679.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018680.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018681.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018682.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018683.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018684.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018685.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018686.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018687.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018688.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018689.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018690.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018691.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018692.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018693.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018694.exe Object is locked skipped
C:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP98\A0018695.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\flash\home_video_special_edition\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
F:\flash\home_video_special_edition\mirc616.exe mIRC: infected - 1 skipped
F:\LimeWire\Incomplete\T-1932810-Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP108\change.log Object is locked skipped
F:\System Volume Information\_restore{7920F7DD-A14B-4948-BE8D-99F79C53B288}\RP31\A0008498.exe Object is locked skipped

Scan process completed.
  • 0

#5
gmcube
Posted 02 June 2008 - 04:40 PM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
Deckard's System Scanner v20071014.68
Run by Robert on 2008-06-02 15:34:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
108: 2008-06-02 22:34:33 UTC - RP108 - Deckard's System Scanner Restore Point
107: 2008-06-02 12:26:00 UTC - RP107 - System Checkpoint
106: 2008-05-31 12:53:02 UTC - RP106 - System Checkpoint
105: 2008-05-30 12:32:21 UTC - RP105 - System Checkpoint
104: 2008-05-29 12:20:41 UTC - RP104 - System Checkpoint


-- First Restore Point --
1: 2008-04-01 20:32:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:13 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\LClock\LClock.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HotKeyBind\HotKeyBind.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Robert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F608C2D0-846D-4F0E-E47A-88367C887707} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MbarInstall] C:\DOCUME~1\Robert\LOCALS~1\Temp\temD.tmp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HotKeyBind.exe] C:\Program Files\HotKeyBind\HotKeyBind.exe
O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKCU\..\Run: [Pollthis] C:\DOCUME~1\Robert\APPLIC~1\TESTIN~1\16firstitch.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE (User 'Default user')
O4 - Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {DCDD459D-4C53-4D86-A3CB-0988FBFF5469} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {F7F99157-5D50-4898-9A92-F817A5504524} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://drm.christianbook.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8283 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 cmpci (Turtle Beach Riviera) - c:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 DSDrv4 - c:\program files\dscaler\dsdrv4.sys
S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys (file missing)
S3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys (file missing)
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_01421028&REV_81\4&3B1CAF2B&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_01421028&REV_81\4&3B1CAF2B&0&40F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-02 15:00:00 264 --ah----- C:\WINDOWS\Tasks\AB258A26914A06CE.job
2008-05-28 08:44:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-01 14:10:47 1855488 -ra------ C:\WINDOWS\system32\drivers\MIXER.EXE <Not Verified; C-Media Electronic Inc. (www.cmedia.com.tw); Mixer>
2008-06-01 14:10:46 765952 -ra------ C:\WINDOWS\system32\drivers\CRLDS3D.DLL <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-06-01 14:10:45 139264 -ra------ C:\WINDOWS\system32\drivers\CMUNINST.EXE <Not Verified; C-Media Electronics Inc.; CMIUninst Application>
2008-06-01 14:10:45 135168 -ra------ C:\WINDOWS\system32\drivers\CMUNINST.DAT <Not Verified; C-Media Electronics Inc.; CMIUninst Application>
2008-06-01 14:10:45 32768 -ra------ C:\WINDOWS\system32\drivers\CMNPROP.DLL <Not Verified; C-Media Corporation; CMI8738/CMI9738 Audio Device>
2008-06-01 14:10:45 1127 -ra------ C:\WINDOWS\system32\drivers\cmijack.dat
2008-06-01 14:10:45 3360 -ra------ C:\WINDOWS\system32\drivers\cmiainfo.sys
2008-06-01 14:10:44 436 -ra------ C:\WINDOWS\system32\drivers\cmaudio.dat
2008-06-01 14:10:06 0 d-------- C:\Program Files\Common Files\Voyetra
2008-06-01 14:10:02 0 d-------- C:\Program Files\Common Files\Turtle Beach
2008-06-01 14:08:54 0 d-------- C:\Program Files\Voyetra Turtle Beach
2008-05-31 02:30:06 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-31 02:19:16 0 d-------- C:\Program Files\PowerISO
2008-05-29 17:04:31 0 d-------- C:\Program Files\Trend Micro
2008-05-27 22:57:28 0 d-------- C:\Program Files\testinsidebalm
2008-05-27 16:03:11 0 d-------- C:\Program Files\dng4ps2
2008-05-27 16:01:28 0 d-------- C:\Program Files\DNG4PS-2
2008-05-27 15:11:25 0 d-------- C:\Program Files\ComcastUI
2008-05-27 12:16:17 0 d-------- C:\Program Files\support.com
2008-05-27 12:16:07 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-05-23 09:15:47 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-05-22 09:37:14 47360 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-22 09:37:13 0 d-------- C:\Documents and Settings\Robert\Application Data\Vso
2008-05-22 09:37:08 0 d-------- C:\Program Files\FlyDVDCopier
2008-05-20 16:53:12 0 d-------- C:\Program Files\WSRMacros
2008-05-17 22:01:17 0 d-------- C:\CLOVERFIELD_DOM
2008-05-16 10:50:12 0 d-------- C:\Documents and Settings\Robert\Application Data\ImgBurn
2008-05-16 08:59:44 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-16 08:59:42 0 d-------- C:\Program Files\DVD Shrink
2008-05-15 09:45:55 0 d-------- C:\Documents and Settings\Robert\Application Data\Any Video Converter
2008-05-15 09:45:50 0 d-------- C:\Program Files\Any Video Converter
2008-05-14 11:06:25 0 d-------- C:\Documents and Settings\Robert\Application Data\WinFF
2008-05-14 11:06:22 0 d-------- C:\Program Files\WinFF
2008-05-13 22:45:35 0 d-------- C:\Documents and Settings\Robert\Application Data\Opera
2008-05-13 22:45:14 0 d-------- C:\Program Files\Opera
2008-05-13 00:22:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-13 00:22:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-12 23:51:48 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-05-12 23:46:00 0 d-------- C:\Program Files\Logitech
2008-05-12 18:55:31 0 d-------- C:\Documents and Settings\Robert\Application Data\Coolbox
2008-05-12 18:55:08 0 d-------- C:\Program Files\MobiDVD
2008-05-08 18:00:37 0 d-------- C:\Program Files\MediaCoder
2008-05-08 10:01:41 0 d-------- C:\videooutput
2008-05-08 10:01:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-08 10:01:39 383238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-05-08 10:01:38 3086336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-05-08 10:01:37 3086336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-05-08 09:59:31 487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2008-05-08 09:59:31 66048 --a------ C:\WINDOWS\system32\cygz.dll
2008-05-08 09:59:31 1872821 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-05-08 09:59:30 6664208 --a------ C:\WINDOWS\system32\dvdripcore.dll
2008-05-08 09:59:30 0 d-------- C:\Program Files\Smallvideosoft
2008-05-08 09:55:54 0 d-------- C:\Documents and Settings\Robert\Application Data\DVD Flick
2008-05-08 09:55:42 0 d-------- C:\Program Files\DVD Flick
2008-05-05 18:34:39 0 d-------- C:\Program Files\iPod
2008-05-05 18:34:30 0 d-------- C:\Program Files\iTunes
2008-05-05 18:34:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-05 18:33:54 0 d-------- C:\Program Files\Common Files\Apple
2008-05-05 18:32:50 0 d-------- C:\Program Files\Apple Software Update
2008-05-05 18:32:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-03 14:24:59 0 d-------- C:\Program1
2008-05-03 14:23:19 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-06-02 15:34:02 0 d-------- C:\Documents and Settings\Robert\Application Data\Zoom Player
2008-06-02 03:55:45 0 d-------- C:\Program Files\BitDownload
2008-06-02 03:55:40 0 d-------- C:\Documents and Settings\Robert\Application Data\BitDownload
2008-06-02 03:54:28 0 d-------- C:\Documents and Settings\Robert\Application Data\WTablet
2008-06-02 03:54:17 0 d-------- C:\Program Files\ViStart
2008-06-01 23:08:53 0 d-------- C:\Program Files\Wyzo
2008-06-01 14:10:06 0 d-------- C:\Program Files\Common Files
2008-06-01 14:08:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 05:15:26 0 d-------- C:\Documents and Settings\Robert\Application Data\Azureus
2008-05-31 04:03:49 0 d-------- C:\Program Files\Tablet
2008-05-31 03:22:02 0 d-------- C:\Documents and Settings\Robert\Application Data\Adobe
2008-05-31 00:02:13 0 d-------- C:\Documents and Settings\Robert\Application Data\LimeWire
2008-05-27 22:57:51 0 d-------- C:\Documents and Settings\Robert\Application Data\testinsidebalm
2008-05-27 16:26:11 0 d-------- C:\Program Files\GameSpot
2008-05-27 16:26:11 0 d-------- C:\Program Files\FBrowsingAdvisor
2008-05-27 16:26:10 0 d-------- C:\Program Files\DivX
2008-05-27 16:26:08 0 d-------- C:\Program Files\321Studios
2008-05-27 16:26:07 0 d-------- C:\Program Files\AIM
2008-05-24 23:57:57 0 d-------- C:\Program Files\DScaler
2008-05-24 03:45:20 0 d-------- C:\Documents and Settings\Robert\Application Data\AVG7
2008-05-22 16:01:30 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-22 09:37:32 34 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.log
2008-05-22 09:37:15 1144 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2008-05-22 09:37:15 7887 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2008-05-18 23:41:08 0 d-------- C:\Program Files\SurfingEnhancer
2008-05-16 09:50:08 0 d-------- C:\Documents and Settings\Robert\Application Data\dvdcss
2008-05-05 18:34:59 0 d-------- C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-05-03 14:35:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 08:43:33 0 d-------- C:\Program Files\Azureus
2008-05-02 00:46:49 0 d-------- C:\Program Files\SmartEnhancer
2008-05-01 11:45:48 0 d-------- C:\Program Files\DVD Decrypter
2008-05-01 11:43:23 0 d-------- C:\Program Files\Ahead
2008-05-01 11:41:04 0 d-------- C:\Program Files\vso
2008-05-01 11:27:13 0 d-------- C:\Documents and Settings\Robert\Application Data\Wyzo
2008-05-01 11:23:10 0 d-------- C:\Documents and Settings\Robert\Application Data\.wyzo
2008-04-30 10:50:04 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-30 10:25:23 0 d-------- C:\Program Files\LimeWire
2008-04-30 09:38:04 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-04-30 09:38:03 0 --a------ C:\WINDOWS\b.exe
2008-04-28 09:08:44 6096 --a------ C:\Program Files\install.log
2008-04-26 01:49:58 0 d-------- C:\Program Files\HotKeyBind
2008-04-25 09:41:22 13356 --a------ C:\WINDOWS\system32\winupsvc.exe
2008-04-25 09:41:22 13356 --a------ C:\WINDOWS\system32\winsvcup.exe
2008-04-25 09:41:21 13356 --a------ C:\WINDOWS\system32\mswinup.exe
2008-04-24 22:39:05 0 d-------- C:\Program Files\PlayMP3z
2008-04-22 08:53:27 0 d-------- C:\Program Files\Sonic
2008-04-20 17:16:10 0 d-------- C:\Documents and Settings\Robert\Application Data\Sony
2008-04-20 04:27:58 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-14 18:25:36 0 d-------- C:\Program Files\Bagatrix
2008-04-13 16:27:04 0 d-------- C:\Program Files\Zoom Player
2008-04-13 09:40:42 0 d-------- C:\Documents and Settings\Robert\Application Data\Real
2008-04-12 15:19:17 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-12 15:19:08 0 d-------- C:\Program Files\Common Files\Real
2008-04-12 15:07:23 0 d-------- C:\Program Files\Real
2008-04-12 04:39:08 0 d-------- C:\Documents and Settings\Robert\Application Data\Mozilla
2008-04-12 01:24:42 0 d-------- C:\Program Files\QuickTime
2008-04-11 22:37:31 0 d-------- C:\Documents and Settings\Robert\Application Data\Publish Providers
2008-04-11 22:23:34 0 d-------- C:\Program Files\Sony
2008-04-11 22:22:52 0 d-------- C:\Program Files\Sony Setup
2008-04-11 22:07:26 0 d-------- C:\Program Files\Vstplugins
2008-04-11 22:00:51 0 d-------- C:\Documents and Settings\Robert\Application Data\Sony Setup
2008-04-11 20:54:32 0 d-------- C:\Program Files\DScaler5
2008-04-11 20:54:00 0 d-------- C:\Program Files\ffdshow
2008-04-11 20:53:13 0 d-------- C:\Program Files\CD Audio Reader Filter
2008-04-11 20:53:09 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-04-11 20:53:08 0 d-------- C:\Program Files\RealMedia
2008-04-11 20:52:55 0 d-------- C:\Program Files\SHOUTcast Source
2008-04-11 20:52:43 0 d-------- C:\Program Files\Haali
2008-04-11 20:52:40 0 d-------- C:\Program Files\DSP-worx
2008-04-11 20:52:24 0 d-------- C:\Program Files\DirectVobSub
2008-04-11 09:49:51 0 d-------- C:\Program Files\PowerDataRecovery
2008-04-11 02:10:25 0 d-------- C:\Program Files\WinTV
2008-04-09 20:32:58 0 d-------- C:\Documents and Settings\Robert\Application Data\Leadertech
2008-04-09 20:29:36 0 d-------- C:\Program Files\EPSON
2008-04-09 20:29:15 0 d-------- C:\Program Files\EPSON Print CD
2008-04-09 19:23:00 61678 --a------ C:\Documents and Settings\Robert\Application Data\PFP100JPR.{PB
2008-04-09 19:23:00 12358 --a------ C:\Documents and Settings\Robert\Application Data\PFP100JCM.{PB
2008-04-09 19:22:59 0 d-------- C:\Documents and Settings\Robert\Application Data\Corel
2008-04-08 21:16:53 0 d-------- C:\Program Files\MP3Gain
2008-04-08 09:56:52 252 --a------ C:\xcrashdump.dat
2008-04-04 14:00:42 0 d-------- C:\Documents and Settings\Robert\Application Data\Audacity
2008-04-04 13:32:34 0 d-------- C:\Program Files\Thomson
2008-04-04 13:29:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-03 18:17:58 0 d-------- C:\Program Files\Lavasoft
2008-04-03 17:53:59 0 d-------- C:\Documents and Settings\Robert\Application Data\Sun
2008-04-03 11:10:29 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 03:49:11 0 d-------- C:\Program Files\Java
2008-04-03 03:43:41 0 d-------- C:\Documents and Settings\Robert\Application Data\Winamp
2008-04-03 02:57:32 0 d-------- C:\Program Files\Common Files\NSV
2008-04-03 02:53:08 0 d-------- C:\Documents and Settings\Robert\Application Data\Google
2008-04-03 00:41:37 0 d-------- C:\Program Files\WinFlip
2008-04-03 00:33:43 0 d-------- C:\Program Files\Vista Sidebar
2008-04-02 21:55:05 0 d-------- C:\Program Files\Viewpoint
2008-04-02 21:34:22 0 d-------- C:\Documents and Settings\Robert\Application Data\Aim
2008-04-02 21:33:51 0 d-------- C:\Program Files\AOD
2008-04-02 17:51:19 0 d-------- C:\Program Files\Common Files\Java
2008-04-02 16:29:31 0 d-------- C:\Documents and Settings\Robert\Application Data\MSN6
2008-04-02 15:58:47 0 d-------- C:\Documents and Settings\Robert\Application Data\ViStart
2008-04-02 15:58:05 0 d-------- C:\Program Files\Google
2008-04-02 15:57:15 0 d-------- C:\Documents and Settings\Robert\Application Data\Styler
2008-04-02 15:57:08 0 d-------- C:\Program Files\VisualTooltip
2008-04-02 15:57:08 0 d-------- C:\Program Files\ViOrb
2008-04-02 15:57:08 0 d-------- C:\Program Files\TrueTransparency
2008-04-02 15:57:07 0 d-------- C:\Program Files\Styler
2008-04-02 15:57:06 0 d-------- C:\Program Files\LClock
2008-04-02 15:50:07 0 d-------- C:\Documents and Settings\Robert\Application Data\DivX
2008-04-02 15:49:11 0 d-------- C:\Documents and Settings\Robert\Application Data\WinRAR
2008-04-02 15:46:49 0 d-------- C:\Program Files\Messenger
2008-04-02 14:52:43 0 d-------- C:\Program Files\QuickGamma
2008-04-02 14:35:57 0 d-------- C:\Program Files\Winamp
2008-04-02 14:22:45 0 d-------- C:\Documents and Settings\Robert\Application Data\vlc
2008-04-02 14:18:57 0 d-------- C:\Program Files\VideoLAN
2008-04-02 14:10:34 0 d-------- C:\Documents and Settings\Robert\Application Data\Macromedia
2008-04-02 13:53:29 0 d-------- C:\Documents and Settings\Robert\Application Data\Talkback
2008-04-02 13:53:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-02 11:26:06 0 d-------- C:\Program Files\UIU
2008-04-02 00:51:23 0 d-------- C:\Program Files\Bonjour
2008-04-02 00:51:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-02 00:45:10 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-01 14:16:12 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-01 14:16:11 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-01 13:26:09 0 -rahs---- C:\MSDOS.SYS
2008-04-01 13:26:09 0 -rahs---- C:\IO.SYS
2008-04-01 13:26:09 0 --a------ C:\CONFIG.SYS
2008-04-01 13:26:09 0 --a------ C:\AUTOEXEC.BAT
2008-04-01 13:23:57 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-01 05:17:03 62 --ahs---- C:\Documents and Settings\Robert\Application Data\desktop.ini
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 13:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 13:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F608C2D0-846D-4F0E-E47A-88367C887707}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [02/25/2004 07:52 PM C:\WINDOWS\mixer.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [12/17/2001 12:18 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 11:49 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:25 AM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 05:00 AM]
"CmUsbAudio"="cmcnfg2.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/12/2008 03:18 PM]
"MbarInstall"="C:\DOCUME~1\Robert\LOCALS~1\Temp\temD.tmp.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 01:12 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [02/08/2007 01:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"viwc"="C:\WINDOWS\system32\viwc.exe" [11/30/2007 05:56 AM]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 01:27 AM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [11/26/2007 07:27 PM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [11/19/2007 01:01 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"HotKeyBind.exe"="C:\Program Files\HotKeyBind\HotKeyBind.exe" [11/15/2004 11:30 PM]
"BitDownload"="C:\Program Files\BitDownload\BitDownload.exe" [04/04/2007 06:18 AM]
"Pollthis"="C:\DOCUME~1\Robert\APPLIC~1\TESTIN~1\16firstitch.exe" [05/27/2008 10:57 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - SCDEMU



-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8078 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-02 15:37:29 ------------
  • 0

#6
gmcube
Posted 02 June 2008 - 04:43 PM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 511 MiB / 213.49 MiB
Pagefile Memory (total/avail): 1249.73 MiB / 758.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 298.08 GiB total, 255.95 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 149.05 GiB total, 62.83 GiB free.
G: is Removable (FAT)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST3160023A - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD3200AAJB-00WGA0 - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device - 1937.53 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1937.13 MiB - G:

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe:*:Enabled:ComcastSUPPORT / Support.com Agent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Wyzo\\wyzo.exe"="C:\\Program Files\\Wyzo\\wyzo.exe:*:Disabled:Wyzo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robert\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBERT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robert
LOGONSERVER=\\ROBERT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Sonic\MyDVD;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robert\LOCALS~1\Temp
USERDOMAIN=ROBERT
USERNAME=Robert
USERPROFILE=C:\Documents and Settings\Robert
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robert (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ahead Nero - Burning Rom --> C:\WINDOWS\UNNERO.exe /UNINSTALL
Algebra 1 Solved! --> MsiExec.exe /X{25511981-E2E8-45FA-9417-3E15A2B43CB3}
Any Video Converter 2.5.9 --> "C:\Program Files\Any Video Converter\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BitDownload 1.5.4 --> C:\Program Files\BitDownload\Uninstall.exe
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll"
C-Media USB WDM Audio Driver --> C:\WINDOWS\system32\cmdrvrm.exe
CD Audio Reader Filter (remove only) --> "C:\Program Files\CD Audio Reader Filter\uninstall.exe"
CiD Help --> C:\DOCUME~1\Robert\APPLIC~1\TESTIN~1\16firstitch.exe -uninstall
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Universal Installer v1.2 --> MsiExec.exe /I{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}
CopyToDVD --> "C:\Program Files\vso\CopyToDVD\unins000.exe"
DC-Bass Source 1.1.1 --> "C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNG4PS-2 --> "C:\Program Files\DNG4PS-2\uninstall.exe"
dng4ps2 --> "C:\Program Files\dng4ps2\uninstall.exe"
DScaler 4.1.15 --> "C:\Program Files\DScaler\unins000.exe"
DScaler 5 Mpeg Decoders --> "C:\Program Files\DScaler5\unins000.exe"
DVD Copy Plus --> MsiExec.exe /I{2E661193-B28F-4D59-A534-9E0D294B39F8}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD X Copy Platinum 4.0.3 --> "C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue --> C:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE C:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG
DVDXCopy Platinum 4.0.3 --> "C:\Program Files\321Studios\uninstall.exe"
Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.8.6 --> "C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD\unins000.exe"
EPSON ESPR220 Reference Guide --> C:\Program Files\epson\guide\spr220_e\uninstall.exe
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FBrowsingAdvisor --> "C:\Program Files\FBrowsingAdvisor\unins000.exe"
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe"
Fly DVD Copier Version 4.8 --> "C:\Program Files\FlyDVDCopier\unins000.exe"
Freez DVD Ripper v1.5 --> "C:\Program Files\Smallvideosoft\Freez DVD Ripper\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKeyBind 1.2 --> "C:\Program Files\HotKeyBind\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lyra Digital Audio Player (RD2312/15/17) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5A1216-C156-49C2-8DF3-3DE3C4158045}\setup.exe" -l0x9 -remove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Opera 9.27 --> MsiExec.exe /X{04DB4871-BC1D-44BF-AADB-47326365EB8C}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pen Tablet --> C:\Program Files\Tablet\Pen\Remove.exe /u
PlayMP3z --> C:\Program Files\PlayMP3z\uninstall.exe
Power Data Recovery 4.5.2 --> "C:\Program Files\PowerDataRecovery\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PrintMaster Platinum 18 --> MsiExec.exe /I{EBD9A954-6C1A-4E9F-A098-C98653035381}
QuickGamma 2.0.0.3 --> "C:\Program Files\QuickGamma\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SHOUTcast Source (remove only) --> "C:\Program Files\SHOUTcast Source\uninstall.exe"
SmartEnhancer --> C:\Program Files\SmartEnhancer\uninstall.exe
Sony Vegas Movie Studio Platinum 8.0 --> MsiExec.exe /X{B8E8C8EC-5C22-4B02-9C02-D851262F574C}
SoundCheck --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02A232A7-07E1-47B7-AA38-C34FE6E44499}\setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SurfingEnhancer --> C:\Program Files\SurfingEnhancer\uninstall.exe
Turtle Beach Riviera --> cmuninst.exe
Turtle Beach Riviera Applications Setup --> C:\Program Files\Turtle Beach Riviera Applications\Bin\Uninstall.exe
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vista Transformation Pack 8.0 --> C:\WINDOWS\system32\viwc.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Speech Recognition Macros --> MsiExec.exe /X{8DC197D6-F4AB-44E0-ACF7-210355E6F389}
WinFF 0.41 --> "C:\Program Files\WinFF\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 2002 --> C:\WINDOWS\Corel\uninst32.exe
WordPerfect Office 2002 --> C:\WINDOWS\Corel\Uninst32.exe
Wyzo 0.5.3 --> C:\Program Files\Wyzo\uninst.exe
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type800 / Error
Event Submitted/Written: 06/02/2008 03:17:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type799 / Error
Event Submitted/Written: 06/01/2008 04:18:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type796 / Error
Event Submitted/Written: 05/30/2008 11:33:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.9.0.3054, faulting module npswf32.dll, version 9.0.115.0, fault address 0x000cab94.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type795 / Error
Event Submitted/Written: 05/30/2008 05:55:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vistart.exe, version 1.5.0.2661, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [vistart.exe!ws!]

Event Record #/Type790 / Error
Event Submitted/Written: 05/28/2008 09:47:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Pen_Tablet.exe, version 5.0.8.2, faulting module Pen_Tablet.exe, version 5.0.8.2, fault address 0x000eca64.
Processing media-specific event for [Pen_Tablet.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7948 / Error
Event Submitted/Written: 06/02/2008 03:12:45 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type7946 / Error
Event Submitted/Written: 06/02/2008 05:06:22 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type7944 / Error
Event Submitted/Written: 06/02/2008 04:14:44 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type7942 / Error
Event Submitted/Written: 06/02/2008 04:02:45 AM / 06/02/2008 04:02:46 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type7896 / Error
Event Submitted/Written: 06/02/2008 01:33:53 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%5



-- End of Deckard's System Scanner: finished at 2008-06-02 15:37:29 ------------
  • 0

#7
Rorschach112
Posted 02 June 2008 - 04:54 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {F608C2D0-846D-4F0E-E47A-88367C887707} - (no file)
O4 - HKCU\..\Run: [Pollthis] C:\DOCUME~1\Robert\APPLIC~1\TESTIN~1\16firstitch.exe

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Program Files\PlayMP3z\PlayMP3.exe
F:\LimeWire\Incomplete\T-1932810-Wicked Remix.wma
C:\WINDOWS\Tasks\AB258A26914A06CE.job
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\b.exe
C:\WINDOWS\system32\winupsvc.exe
C:\WINDOWS\system32\winsvcup.exe
C:\WINDOWS\system32\mswinup.exe
C:\DOCUME~1\Robert\APPLIC~1\TESTIN~1
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
dir "F:\LimeWire\Incomplete">C:\peek.txt
start C:\peek.txt
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears



Also post a new DSS log
  • 0

#8
gmcube
Posted 02 June 2008 - 07:18 PM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
Explorer killed successfully
C:\Program Files\PlayMP3z\PlayMP3.exe moved successfully.
F:\LimeWire\Incomplete\T-1932810-Wicked Remix.wma moved successfully.
C:\WINDOWS\Tasks\AB258A26914A06CE.job moved successfully.
C:\WINDOWS\system32\taskkill.exe moved successfully.
C:\WINDOWS\b.exe moved successfully.
C:\WINDOWS\system32\winupsvc.exe moved successfully.
C:\WINDOWS\system32\winsvcup.exe moved successfully.
C:\WINDOWS\system32\mswinup.exe moved successfully.
C:\DOCUME~1\Robert\APPLIC~1\TESTIN~1 moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_210811


thats was as far as I got. when clicking that bat file the window opened and closed as it should, but did not give me a notepad file.


Deckard's System Scanner v20071014.68
Run by Robert on 2008-06-03 01:45:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robert.exe) ----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-03 01:45:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\mixer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HotKeyBind\HotKeyBind.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Corel\WordPerfect Office 2002\Programs\wpwin10.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Robert\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MbarInstall] C:\DOCUME~1\Robert\LOCALS~1\Temp\temD.tmp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HotKeyBind.exe] C:\Program Files\HotKeyBind\HotKeyBind.exe
O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://dlm.christianbook.com (HKCU)
O15 - Trusted Zone: http://drm.christianbook.com (HKCU)
O15 - Trusted Zone: https://www.christianbook.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe


--
End of file - 8975 bytes

-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-02 22:41:51 0 d-------- C:\Documents and Settings\Robert\Application Data\Help
2008-06-02 15:43:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 15:43:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 15:43:44 0 d-------- C:\WINDOWS\LastGood
2008-06-01 14:10:47 1855488 -ra------ C:\WINDOWS\system32\drivers\MIXER.EXE <Not Verified; C-Media Electronic Inc. (www.cmedia.com.tw); Mixer>
2008-06-01 14:10:46 765952 -ra------ C:\WINDOWS\system32\drivers\CRLDS3D.DLL <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-06-01 14:10:45 139264 -ra------ C:\WINDOWS\system32\drivers\CMUNINST.EXE <Not Verified; C-Media Electronics Inc.; CMIUninst Application>
2008-06-01 14:10:45 135168 -ra------ C:\WINDOWS\system32\drivers\CMUNINST.DAT <Not Verified; C-Media Electronics Inc.; CMIUninst Application>
2008-06-01 14:10:45 32768 -ra------ C:\WINDOWS\system32\drivers\CMNPROP.DLL <Not Verified; C-Media Corporation; CMI8738/CMI9738 Audio Device>
2008-06-01 14:10:45 1127 -ra------ C:\WINDOWS\system32\drivers\cmijack.dat
2008-06-01 14:10:45 3360 -ra------ C:\WINDOWS\system32\drivers\cmiainfo.sys
2008-06-01 14:10:44 436 -ra------ C:\WINDOWS\system32\drivers\cmaudio.dat
2008-06-01 14:10:44 712704 -ra------ C:\WINDOWS\system32\drivers\AUDIO3D.DLL <Not Verified; Sensaura Ltd; Sensaura>
2008-06-01 14:10:06 0 d-------- C:\Program Files\Common Files\Voyetra
2008-06-01 14:10:02 0 d-------- C:\Program Files\Common Files\Turtle Beach
2008-06-01 14:08:54 0 d-------- C:\Program Files\Voyetra Turtle Beach
2008-05-31 02:30:06 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-31 02:19:16 0 d-------- C:\Program Files\PowerISO
2008-05-29 17:04:31 0 d-------- C:\Program Files\Trend Micro
2008-05-27 22:57:28 0 d-------- C:\Program Files\testinsidebalm
2008-05-27 16:03:11 0 d-------- C:\Program Files\dng4ps2
2008-05-27 16:01:28 0 d-------- C:\Program Files\DNG4PS-2
2008-05-27 15:11:25 0 d-------- C:\Program Files\ComcastUI
2008-05-27 12:16:17 0 d-------- C:\Program Files\support.com
2008-05-27 12:16:07 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-05-23 09:15:47 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-05-22 09:37:14 47360 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-22 09:37:13 0 d-------- C:\Documents and Settings\Robert\Application Data\Vso
2008-05-22 09:37:08 0 d-------- C:\Program Files\FlyDVDCopier
2008-05-20 16:53:12 0 d-------- C:\Program Files\WSRMacros
2008-05-17 22:01:17 0 d-------- C:\CLOVERFIELD_DOM
2008-05-16 10:50:12 0 d-------- C:\Documents and Settings\Robert\Application Data\ImgBurn
2008-05-16 08:59:44 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-16 08:59:42 0 d-------- C:\Program Files\DVD Shrink
2008-05-15 09:45:55 0 d-------- C:\Documents and Settings\Robert\Application Data\Any Video Converter
2008-05-15 09:45:50 0 d-------- C:\Program Files\Any Video Converter
2008-05-14 11:06:25 0 d-------- C:\Documents and Settings\Robert\Application Data\WinFF
2008-05-14 11:06:22 0 d-------- C:\Program Files\WinFF
2008-05-13 22:45:35 0 d-------- C:\Documents and Settings\Robert\Application Data\Opera
2008-05-13 22:45:14 0 d-------- C:\Program Files\Opera
2008-05-13 00:22:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-13 00:22:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-12 23:51:48 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-05-12 23:46:00 0 d-------- C:\Program Files\Logitech
2008-05-12 18:55:31 0 d-------- C:\Documents and Settings\Robert\Application Data\Coolbox
2008-05-12 18:55:08 0 d-------- C:\Program Files\MobiDVD
2008-05-08 18:00:37 0 d-------- C:\Program Files\MediaCoder
2008-05-08 10:01:41 0 d-------- C:\videooutput
2008-05-08 10:01:39 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-08 10:01:39 383238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-05-08 10:01:38 3086336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-05-08 10:01:37 3086336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-05-08 09:59:31 487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2008-05-08 09:59:31 66048 --a------ C:\WINDOWS\system32\cygz.dll
2008-05-08 09:59:31 1872821 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-05-08 09:59:30 6664208 --a------ C:\WINDOWS\system32\dvdripcore.dll
2008-05-08 09:59:30 0 d-------- C:\Program Files\Smallvideosoft
2008-05-08 09:55:54 0 d-------- C:\Documents and Settings\Robert\Application Data\DVD Flick
2008-05-08 09:55:42 0 d-------- C:\Program Files\DVD Flick
2008-05-05 18:34:39 0 d-------- C:\Program Files\iPod
2008-05-05 18:34:30 0 d-------- C:\Program Files\iTunes
2008-05-05 18:34:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-05 18:33:54 0 d-------- C:\Program Files\Common Files\Apple
2008-05-05 18:32:50 0 d-------- C:\Program Files\Apple Software Update
2008-05-05 18:32:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-03 14:24:59 0 d-------- C:\Program1
2008-05-03 14:23:19 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-06-02 21:08:12 0 d-------- C:\Program Files\PlayMP3z
2008-06-02 19:29:47 0 d-------- C:\Documents and Settings\Robert\Application Data\Zoom Player
2008-06-02 03:55:45 0 d-------- C:\Program Files\BitDownload
2008-06-02 03:55:40 0 d-------- C:\Documents and Settings\Robert\Application Data\BitDownload
2008-06-02 03:54:28 0 d-------- C:\Documents and Settings\Robert\Application Data\WTablet
2008-06-02 03:54:17 0 d-------- C:\Program Files\ViStart
2008-06-01 23:08:53 0 d-------- C:\Program Files\Wyzo
2008-06-01 14:10:06 0 d-------- C:\Program Files\Common Files
2008-06-01 14:08:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 05:15:26 0 d-------- C:\Documents and Settings\Robert\Application Data\Azureus
2008-05-31 04:03:49 0 d-------- C:\Program Files\Tablet
2008-05-31 03:22:02 0 d-------- C:\Documents and Settings\Robert\Application Data\Adobe
2008-05-31 00:02:13 0 d-------- C:\Documents and Settings\Robert\Application Data\LimeWire
2008-05-27 16:26:11 0 d-------- C:\Program Files\GameSpot
2008-05-27 16:26:11 0 d-------- C:\Program Files\FBrowsingAdvisor
2008-05-27 16:26:10 0 d-------- C:\Program Files\DivX
2008-05-27 16:26:08 0 d-------- C:\Program Files\321Studios
2008-05-27 16:26:07 0 d-------- C:\Program Files\AIM
2008-05-24 23:57:57 0 d-------- C:\Program Files\DScaler
2008-05-24 03:45:20 0 d-------- C:\Documents and Settings\Robert\Application Data\AVG7
2008-05-22 16:01:30 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-22 09:37:32 34 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.log
2008-05-22 09:37:15 1144 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.inf
2008-05-22 09:37:15 7887 --a------ C:\Documents and Settings\Robert\Application Data\pcouffin.cat
2008-05-18 23:41:08 0 d-------- C:\Program Files\SurfingEnhancer
2008-05-16 09:50:08 0 d-------- C:\Documents and Settings\Robert\Application Data\dvdcss
2008-05-05 18:34:59 0 d-------- C:\Documents and Settings\Robert\Application Data\Apple Computer
2008-05-03 14:35:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 08:43:33 0 d-------- C:\Program Files\Azureus
2008-05-02 00:46:49 0 d-------- C:\Program Files\SmartEnhancer
2008-05-01 11:45:48 0 d-------- C:\Program Files\DVD Decrypter
2008-05-01 11:43:23 0 d-------- C:\Program Files\Ahead
2008-05-01 11:41:04 0 d-------- C:\Program Files\vso
2008-05-01 11:27:13 0 d-------- C:\Documents and Settings\Robert\Application Data\Wyzo
2008-05-01 11:23:10 0 d-------- C:\Documents and Settings\Robert\Application Data\.wyzo
2008-04-30 10:50:04 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-30 10:25:23 0 d-------- C:\Program Files\LimeWire
2008-04-28 09:08:44 6096 --a------ C:\Program Files\install.log
2008-04-26 01:49:58 0 d-------- C:\Program Files\HotKeyBind
2008-04-22 08:53:27 0 d-------- C:\Program Files\Sonic
2008-04-20 17:16:10 0 d-------- C:\Documents and Settings\Robert\Application Data\Sony
2008-04-20 04:27:58 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-14 18:25:36 0 d-------- C:\Program Files\Bagatrix
2008-04-13 16:27:04 0 d-------- C:\Program Files\Zoom Player
2008-04-13 09:40:42 0 d-------- C:\Documents and Settings\Robert\Application Data\Real
2008-04-12 15:19:17 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-12 15:19:08 0 d-------- C:\Program Files\Common Files\Real
2008-04-12 15:07:23 0 d-------- C:\Program Files\Real
2008-04-12 04:39:08 0 d-------- C:\Documents and Settings\Robert\Application Data\Mozilla
2008-04-12 01:24:42 0 d-------- C:\Program Files\QuickTime
2008-04-11 22:37:31 0 d-------- C:\Documents and Settings\Robert\Application Data\Publish Providers
2008-04-11 22:23:34 0 d-------- C:\Program Files\Sony
2008-04-11 22:22:52 0 d-------- C:\Program Files\Sony Setup
2008-04-11 22:07:26 0 d-------- C:\Program Files\Vstplugins
2008-04-11 22:00:51 0 d-------- C:\Documents and Settings\Robert\Application Data\Sony Setup
2008-04-11 20:54:32 0 d-------- C:\Program Files\DScaler5
2008-04-11 20:54:00 0 d-------- C:\Program Files\ffdshow
2008-04-11 20:53:13 0 d-------- C:\Program Files\CD Audio Reader Filter
2008-04-11 20:53:09 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-04-11 20:53:08 0 d-------- C:\Program Files\RealMedia
2008-04-11 20:52:55 0 d-------- C:\Program Files\SHOUTcast Source
2008-04-11 20:52:43 0 d-------- C:\Program Files\Haali
2008-04-11 20:52:40 0 d-------- C:\Program Files\DSP-worx
2008-04-11 20:52:24 0 d-------- C:\Program Files\DirectVobSub
2008-04-11 09:49:51 0 d-------- C:\Program Files\PowerDataRecovery
2008-04-11 02:10:25 0 d-------- C:\Program Files\WinTV
2008-04-09 20:32:58 0 d-------- C:\Documents and Settings\Robert\Application Data\Leadertech
2008-04-09 20:29:36 0 d-------- C:\Program Files\EPSON
2008-04-09 20:29:15 0 d-------- C:\Program Files\EPSON Print CD
2008-04-09 19:23:00 61678 --a------ C:\Documents and Settings\Robert\Application Data\PFP100JPR.{PB
2008-04-09 19:23:00 12358 --a------ C:\Documents and Settings\Robert\Application Data\PFP100JCM.{PB
2008-04-09 19:22:59 0 d-------- C:\Documents and Settings\Robert\Application Data\Corel
2008-04-08 21:16:53 0 d-------- C:\Program Files\MP3Gain
2008-04-08 09:56:52 252 --a------ C:\xcrashdump.dat
2008-04-04 14:00:42 0 d-------- C:\Documents and Settings\Robert\Application Data\Audacity
2008-04-04 13:32:34 0 d-------- C:\Program Files\Thomson
2008-04-04 13:29:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-03 18:17:58 0 d-------- C:\Program Files\Lavasoft
2008-04-03 17:53:59 0 d-------- C:\Documents and Settings\Robert\Application Data\Sun
2008-04-03 11:10:29 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 03:49:11 0 d-------- C:\Program Files\Java
2008-04-03 03:43:41 0 d-------- C:\Documents and Settings\Robert\Application Data\Winamp
2008-04-03 02:57:32 0 d-------- C:\Program Files\Common Files\NSV
2008-04-03 02:53:08 0 d-------- C:\Documents and Settings\Robert\Application Data\Google
2008-04-03 00:41:37 0 d-------- C:\Program Files\WinFlip
2008-04-03 00:33:43 0 d-------- C:\Program Files\Vista Sidebar
2008-04-02 13:53:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-01 14:16:12 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-01 14:16:11 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-01 13:26:09 0 -rahs---- C:\MSDOS.SYS
2008-04-01 13:26:09 0 -rahs---- C:\IO.SYS
2008-04-01 13:26:09 0 --a------ C:\CONFIG.SYS
2008-04-01 13:26:09 0 --a------ C:\AUTOEXEC.BAT
2008-04-01 13:23:57 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-01 05:17:03 62 --ahs---- C:\Documents and Settings\Robert\Application Data\desktop.ini
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 13:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 13:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [02/25/2004 07:52 PM C:\WINDOWS\mixer.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [12/17/2001 12:18 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 11:49 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 08:25 AM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 05:00 AM]
"CmUsbAudio"="cmcnfg2.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/12/2008 03:18 PM]
"MbarInstall"="C:\DOCUME~1\Robert\LOCALS~1\Temp\temD.tmp.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 01:12 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [02/08/2007 01:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"viwc"="C:\WINDOWS\system32\viwc.exe" [11/30/2007 05:56 AM]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 01:27 AM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [11/26/2007 07:27 PM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [11/19/2007 01:01 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"HotKeyBind.exe"="C:\Program Files\HotKeyBind\HotKeyBind.exe" [11/15/2004 11:30 PM]
"BitDownload"="C:\Program Files\BitDownload\BitDownload.exe" [04/04/2007 06:18 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - SCDEMU



-- End of Deckard's System Scanner: finished at 2008-06-03 01:46:14 ------------

Edited by gmcube, 02 June 2008 - 11:50 PM.

  • 0

#9
Rorschach112
Posted 03 June 2008 - 06:59 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It should be in C:\Peek.txt ?

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running
  • 0

#10
gmcube
Posted 03 June 2008 - 01:11 PM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
Yeah, I dont know what to tell ya about that peek.txt. I its not in C:/. I even did a hardrive search for it, and nothing was found.


Malwarebytes' Anti-Malware 1.14
Database version: 818

3:09:36 PM 6/3/2008
mbam-log-6-3-2008 (15-09-36).txt

Scan type: Quick Scan
Objects scanned: 38491
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartenhancer.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smartenhancer (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MbarInstall (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Robert\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Thumbs.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\SmartEnhancer.dat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Robert\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.




My system seems to be running pretty good now.
  • 0

Advertisements

#11
Rorschach112
Posted 03 June 2008 - 01:18 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#12
gmcube
Posted 07 June 2008 - 12:49 PM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
Wow, umm, its back already. I thought I had the nessisary tools to prevent this from happening again (or at least not so soon) but aparantly not.
or maybe something was missed in the logs, I dunno. should I just repeat the whole process again or should I do something different this time?

Edit: its been several hours and I dont see it anymore. not sure if it really came back or I was just seeing things earler.

Edited by gmcube, 07 June 2008 - 10:46 PM.

  • 0

#13
Rorschach112
Posted 08 June 2008 - 03:59 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post a new HijackThis log and tell me whats wrong
  • 0

#14
gmcube
Posted 09 June 2008 - 12:28 AM

gmcube

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 176 posts
hmm, I havnt seen any evidence of it anymore since I last mentioned it, so Im not sure whats going on. when I saw it my pc was acting kind of slow. I ended the task in the task manager and havnt seen it again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:57 AM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HotKeyBind\HotKeyBind.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F608C2D0-846D-4F0E-E47A-88367C887707} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HotKeyBind.exe] C:\Program Files\HotKeyBind\HotKeyBind.exe
O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE (User 'Default user')
O4 - Startup: Epson printer Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {DCDD459D-4C53-4D86-A3CB-0988FBFF5469} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {F7F99157-5D50-4898-9A92-F817A5504524} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://drm.christianbook.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8056 bytes
  • 0

#15
Rorschach112
Posted 09 June 2008 - 04:53 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You are clean, follow my instructions in Post #11

Tell me how that goes
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP