Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Visual C++ Runtime Library


  • Please log in to reply
10 replies to this topic

#1 eckdawg5

eckdawg5

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 25 January 2008 - 02:56 AM

It says:
Microsoft Visual C++ Runtime Library
Buffer overrun detected!

Program: C:\Windows\explorer.exe

A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.

I'm running McAfee Antivirus and just downloaded McAfee Stinger, Ad-Aware, and SpyBot S&D

Here's my HijackLog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:31 PM, on 1/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DELL AIO PRINTER 946\DLCImon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Dell\QuickSet\quickset.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FAOOKVE7\VundoFix[1].exe
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQJPIJID\spybotsd15[1].exe
C:\Users\eckdawg5\AppData\Local\Temp\is-10EV4.tmp\is-H2PMK.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\gebcc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll,c
O4 - HKCU\..\Run: [fe2e343a] rundll32.exe "C:\Users\eckdawg5\AppData\Local\Temp\wryiajcm.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12799 bytes





Thanks in advance for your help.

BC AdBot (Login to Remove)

 


#2 eckdawg5

eckdawg5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 25 January 2008 - 04:42 AM

If I click ok on the Microsoft Visual C++ Runtime Library, all the icons on my desktop disappear and the start bar below disappears. They come back, kinda like a reboot, but my virus protection catches a trojan virus in a file (I'll try to get the destination next time it appears) and this happens and repeats quite persistently.

#3 eckdawg5

eckdawg5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 25 January 2008 - 06:24 PM

bump

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:04 AM

Posted 01 February 2008 - 09:26 PM

Hello eckdawg5

sorry for the delay

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Next
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next reply I will need to see the vundofix.txt
and the main and extra txt from DS please

#5 eckdawg5

eckdawg5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 02 February 2008 - 05:04 AM

okay so vundofix found no virtumonde and there isn't a vundofix.txt but here's the deckard and i'll make another post with the new hijacklog


Deckard's System Scanner v20071014.68
Run by eckdawg5 on 2008-02-02 02:44:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-01-27 23:21:31 UTC - RP173 - Device Driver Package Install: MagicISO, Inc. Storage controllers


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as eckdawg5.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:30 AM, on 2/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DELL AIO PRINTER 946\DLCImon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\eckdawg5\Desktop\dss.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\eckdawg5.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\gebcc.dll,#1
O4 - HKCU\..\Run: [fe2e343a] rundll32.exe "C:\Users\eckdawg5\AppData\Local\Temp\wryiajcm.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12134 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" (file missing)
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-01 01:00:29 358 --a------ C:\Windows\Tasks\McQcTask.job
2008-01-15 06:38:55 356 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-01-02 and 2008-02-02 -----------------------------

2008-02-02 00:58:22 0 d-------- C:\VundoFix Backups
2008-01-27 16:19:08 92544 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-01-27 16:19:02 0 d-------- C:\Program Files\MagicDisc
2008-01-25 00:47:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 23:44:44 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-24 22:51:54 0 d-------- C:\Program Files\Trend Micro
2008-01-24 18:23:20 0 d-------- C:\Program Files\Spyware Terminator
2008-01-24 18:02:06 0 d-------- C:\Program Files\Lavasoft
2008-01-24 18:02:05 0 d-------- C:\Users\All Users\Lavasoft
2008-01-23 17:50:02 48 --a------ C:\Users\eckdawg5\readme.bat
2008-01-23 17:50:00 33280 --a------ C:\Users\eckdawg5\serial.exe
2008-01-22 19:12:18 0 d-------- C:\Program Files\iPod
2008-01-22 19:12:01 0 d-------- C:\Program Files\iTunes
2008-01-22 19:08:22 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-02-02 00:36:55 17408 --a------ C:\Windows\system32\rpcnetp.exe
2008-02-02 00:36:37 17408 --a------ C:\Windows\system32\rpcnetp.dll
2008-02-02 00:36:36 41584 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-01-29 03:22:39 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Google
2008-01-28 16:55:19 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Azureus
2008-01-27 17:54:28 0 d-------- C:\Program Files\Dl_cats
2008-01-25 00:47:37 0 d-------- C:\Program Files\Common Files
2008-01-24 23:25:07 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Application Data <APPLIC~1>
2008-01-23 00:34:31 0 d-------- C:\Users\eckdawg5\AppData\Roaming\LimeWire
2008-01-21 01:09:22 0 d-------- C:\Program Files\McAfee
2008-01-09 01:15:13 0 d-------- C:\Program Files\Windows Mail
2008-01-09 01:15:12 0 d-------- C:\Program Files\Windows Sidebar
2008-01-02 10:13:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-02 10:12:22 0 d-------- C:\Program Files\VstPlugins
2008-01-02 10:12:22 0 d-------- C:\Program Files\Image-Line
2007-12-26 23:42:05 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-23 21:29:24 0 d-------- C:\Users\eckdawg5\AppData\Roaming\DAEMON Tools
2007-12-22 18:55:01 0 d-------- C:\Program Files\Azureus
2007-12-09 03:06:56 0 d-------- C:\Program Files\Eidos Interactive
2007-12-04 07:37:57 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-12-04 07:37:56 36 --ah----- C:\Windows\system32\f9t.dat
2007-12-04 07:37:56 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Stamps.com Internet Postage
2007-12-04 04:02:51 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Adobe
2007-11-09 02:53:05 0 --a------ C:\Windows\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/16/2007 11:15 PM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [05/20/2007 10:42 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [06/24/2007 10:17 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [05/20/2007 10:44 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [05/20/2007 10:44 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [05/20/2007 10:44 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 09:37 AM]
"@"="" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [04/16/2007 02:10 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/16/2007 03:47 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"DLCICATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [10/20/2006 06:01 PM]
"dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [01/12/2007 02:52 PM]
"FaxCenterServer"="C:\Program Files\Dell Fax Solutions\fm3032.exe" [11/03/2006 05:51 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/24/2007 03:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"MSServer"="C:\Users\eckdawg5\AppData\Local\Temp\gebcc.dll,#1" []
"fe2e343a"="C:\Users\eckdawg5\AppData\Local\Temp\wryiajcm.dll,b" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"cmds"="C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll,c" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH!

C:\Users\eckdawg5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [1/27/2008 4:19:04 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 8:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/16/2007 3:32:35 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/17/2007 4:30:59 PM]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [8/16/2007 3:35:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7873 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-02 02:58:23 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 2037.57 MiB / 1051.8 MiB
Pagefile Memory (total/avail): 4294.41 MiB / 3102.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.75 MiB

C: is Fixed (NTFS) - 136.48 GiB total, 64.35 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.75 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1637GSX - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 136.48 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee) Disabled
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\eckdawg5\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ECKDAWG5-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\eckdawg5
LOCALAPPDATA=C:\Users\eckdawg5\AppData\Local
LOGONSERVER=\\ECKDAWG5-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\eckdawg5\AppData\Local\Temp
TMP=C:\Users\eckdawg5\AppData\Local\Temp
USERDOMAIN=eckdawg5-PC
USERNAME=eckdawg5
USERPROFILE=C:\Users\eckdawg5
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

eckdawg5


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
946plv32 --> MsiExec.exe /I{A0A480EB-6D21-4CD7-91F0-4C93606A2F32}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Computrace --> MsiExec.exe /X{20159B36-3A64-49AB-B3AA-FE6DE1D93C7C}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Consumer Complete Care Services Agreement --> MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Dell AIO Printer 946 --> C:\Program Files\Dell AIO Printer 946\Install\x86\Uninst.exe
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell PC Fax --> C:\Program Files\Dell Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Dell Support Center --> MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.480 --> C:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman 2 Silent Assassin --> C:\Program Files\Eidos Interactive\Hitman 2 Silent Assassin\Uninstal.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QualxServ Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stamps.com --> "C:\Users\eckdawg5\AppData\Local\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Microsoft Word 2000-2007 --> "C:\ProgramData\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe" REMOVE=TRUE MODIFY=FALSE
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type20972 / Error
Event Submitted/Written: 02/02/2008 00:40:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
The program rundll32.exe version 6.0.6000.16386 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cdc
Start Time: 01c8656eafcd6cc9
Termination Time: 94

Event Record #/Type20959 / Error
Event Submitted/Written: 02/02/2008 00:36:55 AM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type20951 / Success
Event Submitted/Written: 02/02/2008 00:36:46 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type20947 / Success
Event Submitted/Written: 02/02/2008 00:36:43 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type20943 / Success
Event Submitted/Written: 02/02/2008 00:35:50 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type59892 / Warning
Event Submitted/Written: 02/02/2008 00:45:47 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type59891 / Warning
Event Submitted/Written: 02/02/2008 00:45:47 AM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type59865 / Error
Event Submitted/Written: 02/02/2008 00:36:54 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
sp_rsdrv2

Event Record #/Type59840 / Error
Event Submitted/Written: 02/02/2008 00:36:47 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Spyware Terminator Realtime Shield ServiceSpyware Terminator Driver 2%%31

Event Record #/Type59771 / Warning
Event Submitted/Written: 02/02/2008 00:35:28 AM
Event ID/Source: 4 / b57nd60x
Event Description:
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.



-- End of Deckard's System Scanner: finished at 2008-02-02 02:58:23 ------------

#6 eckdawg5

eckdawg5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 02 February 2008 - 05:18 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:49 AM, on 2/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DELL AIO PRINTER 946\DLCImon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\gebcc.dll,#1
O4 - HKCU\..\Run: [fe2e343a] rundll32.exe "C:\Users\eckdawg5\AppData\Local\Temp\wryiajcm.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12048 bytes

#7 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:04 AM

Posted 02 February 2008 - 09:05 AM

Thanks
You should get rid of any p2p programs its highly likely thats how you got infected in the first place

This are asking for trouble as well

2008-01-23 17:50:02 48 --a------ C:\Users\eckdawg5\readme.bat
2008-01-23 17:50:00 33280 --a------ C:\Users\eckdawg5\serial.exe


Did you try removing the following program
Spyware Terminator ?

Need you to disable a couple programs that may interfer with the fix here

Disable Windows Defender

* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Uncheck Turn on Real Time Protection (recommended)
* After you uncheck this, click on the Save button
* Close Windows Defender

Next
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable Spybot
SD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm


Next
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

F3 - REG:win.ini: load=C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\gebcc.dll,#1
O4 - HKCU\..\Run: [fe2e343a] rundll32.exe "C:\Users\eckdawg5\AppData\Local\Temp\wryiajcm.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll,c


close out HJT

Next
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.exe
    C:\Users\eckdawg5\AppData\Local\Temp\gebcc.dll
    C:\Users\eckdawg5\AppData\Local\Temp\wryiajcm.dll
    C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Click "Exit" to close OTMoveIt.


Restart the machine if it didn't reboot please

Next

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Next

Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Rescan with DSS and post back just the main.txt it wont produce the extra txt this time around

#8 eckdawg5

eckdawg5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 04 February 2008 - 01:16 AM

File/Folder C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.exe not found.
File/Folder C:\Users\eckdawg5\AppData\Local\Temp\gebcc.dll not found.
File/Folder C:\Users\eckdawg5\AppData\Local\Temp\wryiajcm.dll not found.
DllUnregisterServer procedure not found in C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll
C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll NOT unregistered.
File move failed. C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll scheduled to be moved on reboot.

OTMoveIt2 v1.0.17 log created on 02032008_230629

#9 eckdawg5

eckdawg5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 04 February 2008 - 08:40 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 04, 2008 6:33:58 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/02/2008
Kaspersky Anti-Virus database records: 546598
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 88750
Number of viruses found: 5
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 03:13:30

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-3947125612-3377530064-2779594585-1000\$RCS6DLF.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Users\eckdawg5\AppData\Local\Temp\gtqusaab.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Deckard\System Scanner\backup\Windows\temp\2ADB3740-86AA-47E9-8B47-914B8C036BFB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\300B5817-66E1-4ACC-ACDD-B5319F6A834D Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\898DEB2B-3AF1-4149-902B-9ABCF0484EEE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\94CDE21E-00C7-4C33-A618-42814955C983 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\C79AF17C-7780-40BD-B6CA-3832F21B3B9D Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\coinlog.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\D653F3EC.TMP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI202C.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI73E7.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI9C2F.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMIC3BE.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMIEAC7.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\JET1300.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\JET8D68.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070828-184511-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070828-184519-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070829-072519-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070829-072530-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070829-204152-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070829-204202-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070829-211437-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070829-211448-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-083400-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-083411-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-114600-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070831-114610-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070901-141633-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070901-141650-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070902-122352-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070902-122406-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070903-224831-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070903-224840-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070907-195156-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070907-195208-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070910-024419-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070910-024430-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070910-113215-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070910-113224-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070917-204700-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070917-204710-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070918-044228-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070918-044532-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070918-221037-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070918-221046-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070920-163329-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070920-163338-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070926-174729-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070926-174738-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070927-051336-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070927-051347-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070927-082335-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070927-082344-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070928-212250-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070928-212259-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070929-144056-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070929-144107-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070929-155849-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070929-155901-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070930-163520-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070930-163529-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070930-233703-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20070930-233713-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071003-160735-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071003-160745-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071004-030150-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071004-030200-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071004-180022-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071004-180031-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071006-135734-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071006-135744-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071006-151523-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071006-151531-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071007-143420-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071007-143431-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071007-200722-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071007-200730-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-095955-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-100005-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-125958-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-130007-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-173647-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-173656-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-220659-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-220708-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-032709-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-032720-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-130800-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-130814-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071013-180332-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071013-180341-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071013-213615-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071013-213626-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071014-021800-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071014-021810-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071015-232211-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071015-232223-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071016-185748-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071016-185757-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071018-042540-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071018-042549-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071019-011114-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071019-011125-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071021-024215-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071021-024300-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071021-135210-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071021-135220-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071022-180421-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071022-180431-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-004337-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-004348-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-071236-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-071247-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071025-045932-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071025-045942-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071025-205137-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071025-205149-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071026-145526-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071026-145537-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071029-144742-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071029-144752-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071030-191651-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071030-191703-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071101-044919-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071101-044928-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071102-122445-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071102-122457-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071104-234834-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071104-234843-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071105-104101-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071105-104111-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071106-170648-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071106-170658-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071108-235554-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071108-235603-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071110-162618-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071110-162628-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071111-073211-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071111-073221-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-041239-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-041249-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-191325-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-191335-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-222359-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071113-222408-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071115-170111-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071115-170121-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071117-091743-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071117-091824-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071117-125644-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071117-125653-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071118-121830-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071118-121842-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-100721-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-100731-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-173900-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-173911-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-195339-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071119-195349-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071120-014348-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071120-014401-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071120-183029-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071120-183042-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-132027-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-132348-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-232335-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071121-232345-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071122-100924-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071122-100934-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071122-205432-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071122-205443-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071123-003647-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071123-003658-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071124-100836-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071124-100846-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071124-111208-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071124-111219-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071125-230157-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071125-230207-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-165308-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-165321-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-191810-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071201-191820-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071202-164441-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071202-164453-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071203-022502-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071203-022515-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071204-070312-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071204-070324-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071205-221426-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071205-221436-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-023007-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-023019-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071209-203702-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071209-203718-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071210-093558-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071210-093613-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071211-205027-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071211-205038-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071217-140620-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071217-140634-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-154005-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-154017-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-165824-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-165840-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071221-185027-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071221-185121-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-060631-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-060646-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-153520-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-153611-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-184959-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-185009-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-211404-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-211414-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-013956-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-014007-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-134719-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-134736-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-205618-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-205629-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-184935-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-184947-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-214010-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-214022-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-001838-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-001850-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-113159-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-113210-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071228-004431-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071228-004451-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-213825-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-213852-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-102243-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-102257-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-122838-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-122848-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-193928-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-193940-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080104-162224-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080104-162237-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080105-161620-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080105-161635-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080107-174958-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080107-175008-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-013156-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-013209-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-102209-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-102219-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-170250-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-170302-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-215046-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-215059-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-012338-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-012352-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080122-011930-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080122-011948-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-235019-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-235102-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080124-211604-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080124-211620-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080125-174934-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080125-175044-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080126-005444-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080126-005502-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-173531-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-173546-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-233000-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-233015-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080130-000448-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080130-000501-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080201-024026-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080201-024045-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080202-005059-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080202-005118-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_11tknmdD4W2Hhl4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_24WJ6oL2S77kccM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_2f3Xbidv6j7V1s7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_34j5BCHBA5jMHFE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_3gQFqNjAKzLGNRG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_3jZQCRFkaTt1NwM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_3SVuNTUy8cSJ99x Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_43ay1l67jBlQyWg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_4t2kBtoKClGdCLV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_6yNPYXUYwUQUYQf Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_8uhHV7jA1eif4nx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_8Yg39ItO6pYqwXd Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_9511SCWedB2sLPP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_9h1s5ex7pyL1dc2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_aAIXBcXScuQJoXB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_BHzeQkBrU70lVtA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_eNIImnENyKgyssx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_F56M9BhTlA0qnD0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_F5FeD3hLCsRjnol Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_FdnUUyJG9lz3vn3 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_FEA7fvJHvnYRKFC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_FFRx4Ti2HHZVaSA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_FyXiFFUwvI0gNSk Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_G7CpLF46Ajh0guz Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_GAdaFITSIpl4Ken Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_GG6TOhB6m8FJcuV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_gH4JLOTbeYNuk3K Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_h1UXeML87lfiRkU Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_HB2nye9aHusW6oY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_hmc9WSilr5Vx3H3 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_iBnKyat2WCLdxkc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_iTnSKtglm838ZoI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_l2kJsU3rOmEKcsg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_ldZox3aLrZA7XVC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_LgDj6ltjrMvaSkA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_mKleY14RLjeQlXV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_NjfFy9dOfk7d1vB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_O2idARm6qJTD099 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_OgI81rdMMfzB8bT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_oX5mlTldFhMpLkJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_QdtXb3GMZp37pLX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_reuYLAB50EvaA9e Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_Rixtj5j2EAV42XW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_RlabDJesgBjf0Wc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_s0HzDeEGTDMve9d Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_S0palc6mlVRZNsT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_sAUwDK1RP1U5eCy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_stPnFWM9OvW0eeY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_t0SqpGo0g6IRHKL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_uegfgDpcBqWna8N Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_uIQLmUROi28xPqX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_UOj9mfYoNiBAx7O Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_uW3hafU3deZZdHi Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_VHR3hgTXk4MYEMu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_wAFO5wYRzu0SDcC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_x7XSvnmNZshebcD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_yxwdpywiSiXhl4a Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_ZdD4wdYDV4A7tyI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_Zn0KlQxOGpdnehl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_zRNc0goMwpf7Pu6 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_0hgApC9gMxP9sXs Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_2NYhjlczIEmP6gt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_3KncMWd59shwT2v Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_4Xu6Hcth1ZK3edJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_5OKFHC7osoQAoUV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_5Xqbq9XnbZBmmKg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_8bf3YsYmiru3cyw Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_8XaGACBFJhTluBq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_9laior64GM0MKCD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_9uTlaDpSfNvGsMF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_adgzw1znhIYAlWc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_aGZ1ORZ64KDJXGz Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_AI2AQVApBkxpOKS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_AlR4YkPjhC7Q8T3 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_aUtJqiHWjZz60j8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_bBnQwFPFSKvdQtr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_bBW42aoc6cw6jm9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_BEGVnymptPJucTr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_bghPXTOxyzGubZ4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_bpYmbMoURtSmHNq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_bSfWorxRV8aIFfg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_BzjIcvhFLbi2KYg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_C463Y5vnS22qTGT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_C6qZtFcl5IviMOY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_CenxC741pa4cPaO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_cnSlIKiUHaY3IFn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_cVBbMR4za2PKKOx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_cXEi7J6yhdYK9h9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_CygeIHekme5NP28 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_CzgvKamUZ0tJmU1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_DIJpAHVXuyrUq0O Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_dR25tS4qPQZFtJ7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_drjjnRZeHlwYlvz Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_E37lk0OcdXftsfq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_EBufTP2wDtf44JB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_eKnLV7J8arPRPyA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Esm2hzUrVtD0o3c Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ESTtk6vQUTWAV5l Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_fwozA1TTz2h80fZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_g8pooR4fOBGWRBS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_gD4VfpIIk3ldzCK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_gg3ho9JBJptnN3n Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ggObr6KHYEsrL02 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_gUpDWEnkqxeY5Xv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_h3DWsvYwSfabk0n Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_H6ur8TqgLuBkTpn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_hcdg6gqWwhrE2KG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_hDTLyNZqTOuw8kO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_hiD3W8hGyeSgSnO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_icDMLqmoD6QuWxN Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_iXDlu6vvxkCjcoE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_J6ZBjzOoMbSihCw Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_jEtRJKSpup8Rwpy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_JNXQqAddJhG2ZYQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_jOUXEAfHL5Kg2oH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_kDXSyV7vJUovKrH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Ke2YYWSLP0I4isU Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_kpYmW70icsCsiIS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_LgAtvLohrShNRFO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_MRgkWGzYr5sKejl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ND5adveh8yKvAth Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Ngef6wbPG04623q Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_nreiOokvhfoUigh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ODej152otIGoN8R Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_OWxtIBE739EWP3v Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_oXjVNwezagu2PnW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_OZXpGRsbMIcfBIK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_P7suZND9sDDZgBK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Pcl6samSEM0Zl9u Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_pObMAwfOMp6SQJI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ptqf9QzJK620Gl8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_q7YRG9hF53QXhVR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_qraiyW3jQ43zYOi Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_QwmGR8GMsuk9MD5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_qXWHckqSjTA02tI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_qZUAuYGdq6ZjMqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_r58BuR1KDpmxGCj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_R8OnwRfl6mUtMdS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_reF1Ve0ma6HF3r0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_rlh2RzabY9WAaFY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_RuOaI1WFNJKvv2Q Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_RwOL1ryXBi1DOim Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_sgrMs7RgFL0E8Gp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_sn92haf0hhQHIQ2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_StKipNUnWk2WZSe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_sYY8sfYJtzsjodq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_TISMUH2145eIIz5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_TQwEPclWmc9c0T0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_txZFcplgU2vvBqG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_u3ELQtXmk9Ao9nu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_uz5ZvMjSRIRN4av Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_v3eg5sfYRgYdrwC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_vAqHimpFAZVb77w Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_VI9MdXWCSOEaK73 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ViV4ONAAc3CP5GF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_VJRuadrBdPF78Zr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Vqmml4weap5bIXL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_w1d4fwRPjTfYofg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_W9DQKJbwQPKMAKt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_WbOyq4oURLSmIiR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_WDh70C24PP55I1U Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_wMPpJzFKPdMPk6P Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_wpxwl4iof2BnJxA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_x4EZsDcdFNfr79I Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_xB2hbMSDIC72yR0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Xc0OwUCMVjeH1G1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_XEgnwcToJsg2Rfx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_xK8gWzRxiCXVuzA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_XvYyiUP7ONPBw4r Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_xxNxxnf4GETetat Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ygaIr0WLHoNttJa Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_zgaUjv388hV7not Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ZNhO1ec4LoDEgLT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ZP1zNfBXH6zBsa5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mpengine.dll Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MSId3a20.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_a9MX1ztjblQJBBg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_E8gBoxKYEk5oiYr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gFzsaPfiq2dbI7x Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gWlKgB4zJUuYCgq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_oQYmUZWS8BikrYr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Q2xNWnPXstRhtV0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Rq1hEC3b6HBsWKR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\TMP000000019DF8BB6B5C47AFE4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_DX.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_KernelLog.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_StorageAsmt.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wmsetup.log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{7A2242B0-004A-427D-92F3-11313DC50847}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{F7699A0C-8A6D-4503-AFFA-2A62E533141F}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Data\TFR5A9D.tmp Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\TEMPOR~1\Content.IE5\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\TEMPOR~1\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\TEMPOR~1\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\TEMPOR~1\Low\Content.IE5\LOSMT8LN\get_video[1] Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\TEMPOR~1\Low\fla8E69.tmp Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\TEMPOR~1\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008020420080205\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LOSMT8LN\get_video[1] Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla8E69.tmp Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\UsrClass.dat{8cef522a-5509-11dc-ab5d-001aa0fe4643}.TM.blf Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\UsrClass.dat{8cef522a-5509-11dc-ab5d-001aa0fe4643}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Windows\UsrClass.dat{8cef522a-5509-11dc-ab5d-001aa0fe4643}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Local\Temp\kbtsrrru.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Users\eckdawg5\AppData\Local\Temp\kyqwjfcy.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\Users\eckdawg5\AppData\Local\Temp\lfqrqtlc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Users\eckdawg5\AppData\Local\Temp\nhnormkr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Users\eckdawg5\AppData\Local\Temp\nikcykbx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Users\eckdawg5\AppData\Local\Temp\uosqeyny.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\Users\eckdawg5\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\eckdawg5\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\eckdawg5\ntuser.dat Object is locked skipped
C:\Users\eckdawg5\ntuser.dat.LOG1 Object is locked skipped
C:\Users\eckdawg5\ntuser.dat.LOG2 Object is locked skipped
C:\Users\eckdawg5\ntuser.dat{8cef5226-5509-11dc-ab5d-001aa0fe4643}.TM.blf Object is locked skipped
C:\Users\eckdawg5\ntuser.dat{8cef5226-5509-11dc-ab5d-001aa0fe4643}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\eckdawg5\ntuser.dat{8cef5226-5509-11dc-ab5d-001aa0fe4643}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{DED33D51-CF23-4B6C-B8A2-D4994DD32663}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\components Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\default Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\security Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\software Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\system Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.

#10 eckdawg5

eckdawg5
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 04 February 2008 - 09:01 AM

Deckard's System Scanner v20071014.68
Run by eckdawg5 on 2008-02-04 06:41:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as eckdawg5.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:56 AM, on 2/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\mobsync.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DELL AIO PRINTER 946\DLCImon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\explorer.exe
C:\Users\eckdawg5\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\eckdawg5.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [fe2e343a] rundll32.exe "C:\Users\eckdawg5\AppData\Local\Temp\xdnmnvll.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\eckdawg5\AppData\Local\Temp\acykuuem.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH! (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12327 bytes

-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-03 23:21:45 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-02-02 00:58:22 0 d-------- C:\VundoFix Backups
2008-01-27 16:19:08 92544 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-01-27 16:19:02 0 d-------- C:\Program Files\MagicDisc
2008-01-25 00:47:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 23:44:44 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-24 22:51:54 0 d-------- C:\Program Files\Trend Micro
2008-01-24 18:02:06 0 d-------- C:\Program Files\Lavasoft
2008-01-24 18:02:05 0 d-------- C:\Users\All Users\Lavasoft
2008-01-22 19:12:18 0 d-------- C:\Program Files\iPod
2008-01-22 19:12:01 0 d-------- C:\Program Files\iTunes
2008-01-22 19:08:22 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-02-03 23:10:12 17408 --a------ C:\Windows\system32\rpcnetp.exe
2008-02-03 23:10:08 41584 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-02-03 15:48:00 0 d-------- C:\Users\eckdawg5\AppData\Roaming\LimeWire
2008-02-02 17:07:43 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Azureus
2008-02-02 00:36:37 17408 --a------ C:\Windows\system32\rpcnetp.dll
2008-01-29 03:22:39 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Google
2008-01-27 17:54:28 0 d-------- C:\Program Files\Dl_cats
2008-01-25 00:47:37 0 d-------- C:\Program Files\Common Files
2008-01-24 23:25:07 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Application Data
2008-01-21 01:09:22 0 d-------- C:\Program Files\McAfee
2008-01-09 01:15:13 0 d-------- C:\Program Files\Windows Mail
2008-01-09 01:15:12 0 d-------- C:\Program Files\Windows Sidebar
2008-01-02 10:13:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-02 10:12:22 0 d-------- C:\Program Files\VstPlugins
2008-01-02 10:12:22 0 d-------- C:\Program Files\Image-Line
2007-12-26 23:42:05 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-23 21:29:24 0 d-------- C:\Users\eckdawg5\AppData\Roaming\DAEMON Tools
2007-12-22 18:55:01 0 d-------- C:\Program Files\Azureus
2007-12-09 03:06:56 0 d-------- C:\Program Files\Eidos Interactive
2007-12-04 07:37:56 36 --ah----- C:\Windows\system32\f9t.dat
2007-12-04 07:37:56 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Stamps.com Internet Postage
2007-12-04 04:02:51 0 d-------- C:\Users\eckdawg5\AppData\Roaming\Adobe
2007-11-09 02:53:05 0 --a------ C:\Windows\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/16/2007 11:15 PM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [05/20/2007 10:42 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [06/24/2007 10:17 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [05/20/2007 10:44 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [05/20/2007 10:44 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [05/20/2007 10:44 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 09:37 AM]
"@"="" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [04/16/2007 02:10 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/16/2007 03:47 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"DLCICATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [10/20/2006 06:01 PM]
"dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [01/12/2007 02:52 PM]
"FaxCenterServer"="C:\Program Files\Dell Fax Solutions\fm3032.exe" [11/03/2006 05:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/24/2007 03:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"fe2e343a"="C:\Users\eckdawg5\AppData\Local\Temp\xdnmnvll.dll,b" []
"cmds"="C:\Users\eckdawg5\AppData\Local\Temp\xxyvv.dll,c" []
"MS Juan"="C:\Users\eckdawg5\AppData\Local\Temp\acykuuem.dll,run" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\HSPERF~1.SH! C:\Users\eckdawg5\AppData\Local\Temp\~DF7964.tmp C:\Users\eckdawg5\AppData\Local\Temp\Low\HSPERF~1\5240 C:\Users\eckdawg5\AppData\Local\Temp\E4J699~1.SH!

C:\Users\eckdawg5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [1/27/2008 4:19:04 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 8:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/16/2007 3:32:35 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/17/2007 4:30:59 PM]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [8/16/2007 3:35:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-04 06:43:27 ------------

#11 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:04 AM

Posted 06 February 2008 - 03:27 PM

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users