Browser Hijacker - Redirected Sites Include Fresh-weather.com


  • This topic is locked
8 replies to this topic

#1 dunbar21

Posted 08 April 2008 - 12:54 PM

When I search using any search engine, results are returned normally, but IE redirects through numerous different sites (including fresh-weather.com) when you follow any link.
I don't even know where to start in removing it. I have run Norton/Spybot & AdAware scans, but none of these have found anything.
OS - Vista Home Premium
-------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Andy on 2008-04-08 13:47:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-08 13:48:05
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\System32\mobsync.exe
C:\Windows\notepad.exe
C:\Users\Andy\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [dmldl.exe] C:\Windows\system32\dmldl.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [dmevb.tmp] C:\Windows\system32\dmevb.tmp
O4 - HKCU\..\Run: [dmxxl.tmp] C:\Windows\system32\dmxxl.tmp
O4 - HKCU\..\Run: [dmjtg.tmp] C:\Windows\system32\dmjtg.tmp
O4 - HKCU\..\Run: [dmkvm.tmp] C:\Windows\system32\dmkvm.tmp
O4 - HKCU\..\Run: [dmnby.tmp] C:\Windows\system32\dmnby.tmp
O4 - HKCU\..\Run: [dmsng.tmp] C:\Windows\system32\dmsng.tmp
O4 - HKCU\..\Run: [dmwyh.tmp] C:\Windows\system32\dmwyh.tmp
O4 - HKCU\..\Run: [dmuet.tmp] C:\Windows\system32\dmuet.tmp
O4 - HKCU\..\Run: [dmyat.tmp] C:\Windows\system32\dmyat.tmp
O4 - HKCU\..\Run: [dmage.tmp] C:\Windows\system32\dmage.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [dmvug.tmp] C:\Windows\system32\dmvug.tmp
O4 - HKCU\..\Run: [dmgsp.tmp] C:\Windows\system32\dmgsp.tmp
O4 - HKCU\..\Run: [dmvfy.tmp] C:\Windows\system32\dmvfy.tmp
O4 - HKCU\..\Run: [dmgsn.tmp] C:\Windows\system32\dmgsn.tmp
O4 - HKCU\..\Run: [dmoac.tmp] C:\Windows\system32\dmoac.tmp
O4 - HKCU\..\Run: [dmxhk.tmp] C:\Windows\system32\dmxhk.tmp
O4 - HKCU\..\Run: [dmlzd.tmp] C:\Windows\system32\dmlzd.tmp
O4 - HKCU\..\Run: [dmzhe.tmp] C:\Windows\system32\dmzhe.tmp
O4 - HKCU\..\Run: [dmksz.tmp] C:\Windows\system32\dmksz.tmp
O4 - HKCU\..\Run: [dmcmu.tmp] C:\Windows\system32\dmcmu.tmp
O4 - HKCU\..\Run: [dmizl.tmp] C:\Windows\system32\dmizl.tmp
O4 - HKCU\..\Run: [dmopw.tmp] C:\Windows\system32\dmopw.tmp
O4 - HKCU\..\Run: [dmogv.tmp] C:\Windows\system32\dmogv.tmp
O4 - HKCU\..\Run: [dmbvz.tmp] C:\Windows\system32\dmbvz.tmp
O4 - HKCU\..\Run: [dmghj.tmp] C:\Windows\system32\dmghj.tmp
O4 - HKCU\..\Run: [dmmar.tmp] C:\Windows\system32\dmmar.tmp
O4 - HKCU\..\Run: [dmuwp.tmp] C:\Windows\system32\dmuwp.tmp
O4 - HKCU\..\Run: [dmrex.tmp] C:\Windows\system32\dmrex.tmp
O4 - HKCU\..\Run: [dmquj.tmp] C:\Windows\system32\dmquj.tmp
O4 - HKCU\..\Run: [dmmyz.tmp] C:\Windows\system32\dmmyz.tmp
O4 - HKCU\..\Run: [dmagg.tmp] C:\Windows\system32\dmagg.tmp
O4 - HKCU\..\Run: [dmrwa.tmp] C:\Windows\system32\dmrwa.tmp
O4 - HKCU\..\Run: [dmmud.tmp] C:\Windows\system32\dmmud.tmp
O4 - HKCU\..\Run: [dmanz.tmp] C:\Windows\system32\dmanz.tmp
O4 - HKCU\..\Run: [dmlzt.tmp] C:\Windows\system32\dmlzt.tmp
O4 - HKCU\..\Run: [dmnrp.tmp] C:\Windows\system32\dmnrp.tmp
O4 - HKCU\..\Run: [dmqiv.tmp] C:\Windows\system32\dmqiv.tmp
O4 - HKCU\..\Run: [dmjef.tmp] C:\Windows\system32\dmjef.tmp
O4 - HKCU\..\Run: [dmxyx.tmp] C:\Windows\system32\dmxyx.tmp
O4 - HKCU\..\Run: [dmtxe.tmp] C:\Windows\system32\dmtxe.tmp
O4 - HKCU\..\Run: [dmvur.tmp] C:\Windows\system32\dmvur.tmp
O4 - HKCU\..\Run: [dmnau.tmp] C:\Windows\system32\dmnau.tmp
O4 - HKCU\..\Run: [dmtub.tmp] C:\Windows\system32\dmtub.tmp
O4 - HKCU\..\Run: [dmdeg.tmp] C:\Windows\system32\dmdeg.tmp
O4 - HKCU\..\Run: [dmitm.tmp] C:\Windows\system32\dmitm.tmp
O4 - HKCU\..\Run: [dmfqo.tmp] C:\Windows\system32\dmfqo.tmp
O4 - HKCU\..\Run: [dmugb.tmp] C:\Windows\system32\dmugb.tmp
O4 - HKCU\..\Run: [dmjnv.tmp] C:\Windows\system32\dmjnv.tmp
O4 - HKCU\..\Run: [dmrgt.tmp] C:\Windows\system32\dmrgt.tmp
O4 - HKCU\..\Run: [dmyfy.tmp] C:\Windows\system32\dmyfy.tmp
O4 - HKCU\..\Run: [dmabx.tmp] C:\Windows\system32\dmabx.tmp
O4 - HKCU\..\Run: [dmqwz.tmp] C:\Windows\system32\dmqwz.tmp
O4 - HKCU\..\Run: [dmatt.tmp] C:\Windows\system32\dmatt.tmp
O4 - HKCU\..\Run: [dmnyo.tmp] C:\Windows\system32\dmnyo.tmp
O4 - HKCU\..\Run: [dmgig.tmp] C:\Windows\system32\dmgig.tmp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dmfay.tmp] C:\Windows\system32\dmfay.tmp
O4 - HKCU\..\Run: [dmzdl.tmp] C:\Windows\system32\dmzdl.tmp
O4 - HKCU\..\Run: [dmcmt.tmp] C:\Windows\system32\dmcmt.tmp
O4 - HKCU\..\Run: [dmmac.tmp] C:\Windows\system32\dmmac.tmp
O4 - HKCU\..\Run: [dmtvy.tmp] C:\Windows\system32\dmtvy.tmp
O4 - HKCU\..\Run: [dmxet.tmp] C:\Windows\system32\dmxet.tmp
O4 - HKCU\..\Run: [dmagn.tmp] C:\Windows\system32\dmagn.tmp
O4 - HKCU\..\Run: [dmkgl.tmp] C:\Windows\system32\dmkgl.tmp
O4 - HKCU\..\Run: [dmjmh.tmp] C:\Windows\system32\dmjmh.tmp
O4 - HKCU\..\Run: [dmbmf.tmp] C:\Windows\system32\dmbmf.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1EBCEA31-5084-44BE-83F8-C5E35C39DBA4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{29609C97-8AE4-400C-AAF3-6CDFCEDF0949}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiSpyware Scanning Engine (AntiSpywareSrv) - Unknown owner - C:\Program Files\AntiSpywareApp\AntiSpyware.srv.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\System32\CTSVCCDA.EXE
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe


--
End of file - 16022 bytes

-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 09:53:39 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-08 09:01:39 0 d-------- C:\Program Files\AntiSpywareApp
2008-03-30 21:24:44 0 d-------- C:\PerfLogs
2008-03-12 10:12:45 0 d-------- C:\4e19b8ec62c9f70b282d9ee1226ad7


-- Find3M Report ---------------------------------------------------------------

2008-04-08 09:04:11 0 d-------- C:\Users\Andy\AppData\Roaming\Antispyware
2008-03-30 21:46:59 174 --ahs---- C:\Program Files\desktop.ini
2008-03-30 21:27:42 0 d-------- C:\Program Files\Windows Sidebar
2008-03-30 21:27:42 0 d-------- C:\Program Files\Windows Calendar
2008-03-30 21:27:42 0 d-------- C:\Program Files\Movie Maker
2008-03-30 21:27:41 0 d-------- C:\Program Files\Windows Mail
2008-03-30 21:27:38 0 d-------- C:\Program Files\Windows Collaboration
2008-03-30 21:27:37 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-30 21:27:37 0 d-------- C:\Program Files\Windows Journal
2008-03-30 21:27:30 0 d-------- C:\Program Files\Windows Defender
2008-03-30 08:47:55 0 d-------- C:\Users\Andy\AppData\Roaming\LimeWire
2008-03-14 08:11:45 0 d-------- C:\Program Files\Java
2008-03-06 21:32:52 0 d-------- C:\Program Files\QuickTime
2008-02-28 21:48:26 0 d-------- C:\Program Files\Common Files
2008-02-28 21:48:26 0 d-------- C:\Program Files\Common Files\iS3
2008-02-28 21:36:05 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-26 08:45:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-25 20:44:33 0 d-------- C:\Program Files\Lavasoft
2008-02-25 20:43:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 18:49:24 2538 --a------ C:\Windows\unins000.dat
2008-02-25 18:41:41 691545 --a------ C:\Windows\unins000.exe
2008-02-14 08:58:53 0 d-------- C:\Users\Andy\AppData\Roaming\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [08/12/2006 13:35]
"TPP Auto Loader"="C:\Windows\TPPALDR.EXE" [20/08/2003 12:03]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 06:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/09/2007 01:33]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [07/02/2007 01:04]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [22/08/2007 17:31]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 14:20]
"dmldl.exe"="C:\Windows\system32\dmldl.exe" [15/11/2007 08:58]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 18:38]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 08:33]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/07/2007 11:17]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07/08/2006 10:06]
"dmevb.tmp"="C:\Windows\system32\dmevb.tmp" []
"dmxxl.tmp"="C:\Windows\system32\dmxxl.tmp" []
"dmjtg.tmp"="C:\Windows\system32\dmjtg.tmp" []
"dmkvm.tmp"="C:\Windows\system32\dmkvm.tmp" []
"dmnby.tmp"="C:\Windows\system32\dmnby.tmp" []
"dmsng.tmp"="C:\Windows\system32\dmsng.tmp" []
"dmwyh.tmp"="C:\Windows\system32\dmwyh.tmp" []
"dmuet.tmp"="C:\Windows\system32\dmuet.tmp" []
"dmyat.tmp"="C:\Windows\system32\dmyat.tmp" []
"dmage.tmp"="C:\Windows\system32\dmage.tmp" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 12:43]
"dmvug.tmp"="C:\Windows\system32\dmvug.tmp" []
"dmgsp.tmp"="C:\Windows\system32\dmgsp.tmp" []
"dmvfy.tmp"="C:\Windows\system32\dmvfy.tmp" []
"dmgsn.tmp"="C:\Windows\system32\dmgsn.tmp" []
"dmoac.tmp"="C:\Windows\system32\dmoac.tmp" []
"dmxhk.tmp"="C:\Windows\system32\dmxhk.tmp" []
"dmlzd.tmp"="C:\Windows\system32\dmlzd.tmp" []
"dmzhe.tmp"="C:\Windows\system32\dmzhe.tmp" []
"dmksz.tmp"="C:\Windows\system32\dmksz.tmp" []
"dmcmu.tmp"="C:\Windows\system32\dmcmu.tmp" []
"dmizl.tmp"="C:\Windows\system32\dmizl.tmp" []
"dmopw.tmp"="C:\Windows\system32\dmopw.tmp" []
"dmogv.tmp"="C:\Windows\system32\dmogv.tmp" []
"dmbvz.tmp"="C:\Windows\system32\dmbvz.tmp" []
"dmghj.tmp"="C:\Windows\system32\dmghj.tmp" []
"dmmar.tmp"="C:\Windows\system32\dmmar.tmp" []
"dmuwp.tmp"="C:\Windows\system32\dmuwp.tmp" []
"dmrex.tmp"="C:\Windows\system32\dmrex.tmp" []
"dmquj.tmp"="C:\Windows\system32\dmquj.tmp" []
"dmmyz.tmp"="C:\Windows\system32\dmmyz.tmp" []
"dmagg.tmp"="C:\Windows\system32\dmagg.tmp" []
"dmrwa.tmp"="C:\Windows\system32\dmrwa.tmp" []
"dmmud.tmp"="C:\Windows\system32\dmmud.tmp" []
"dmanz.tmp"="C:\Windows\system32\dmanz.tmp" []
"dmlzt.tmp"="C:\Windows\system32\dmlzt.tmp" []
"dmnrp.tmp"="C:\Windows\system32\dmnrp.tmp" []
"dmqiv.tmp"="C:\Windows\system32\dmqiv.tmp" []
"dmjef.tmp"="C:\Windows\system32\dmjef.tmp" []
"dmxyx.tmp"="C:\Windows\system32\dmxyx.tmp" []
"dmtxe.tmp"="C:\Windows\system32\dmtxe.tmp" []
"dmvur.tmp"="C:\Windows\system32\dmvur.tmp" []
"dmnau.tmp"="C:\Windows\system32\dmnau.tmp" []
"dmtub.tmp"="C:\Windows\system32\dmtub.tmp" []
"dmdeg.tmp"="C:\Windows\system32\dmdeg.tmp" []
"dmitm.tmp"="C:\Windows\system32\dmitm.tmp" []
"dmfqo.tmp"="C:\Windows\system32\dmfqo.tmp" []
"dmugb.tmp"="C:\Windows\system32\dmugb.tmp" []
"dmjnv.tmp"="C:\Windows\system32\dmjnv.tmp" []
"dmrgt.tmp"="C:\Windows\system32\dmrgt.tmp" []
"dmyfy.tmp"="C:\Windows\system32\dmyfy.tmp" []
"dmabx.tmp"="C:\Windows\system32\dmabx.tmp" []
"dmqwz.tmp"="C:\Windows\system32\dmqwz.tmp" []
"dmatt.tmp"="C:\Windows\system32\dmatt.tmp" []
"dmnyo.tmp"="C:\Windows\system32\dmnyo.tmp" []
"dmgig.tmp"="C:\Windows\system32\dmgig.tmp" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]
"dmfay.tmp"="C:\Windows\system32\dmfay.tmp" []
"dmzdl.tmp"="C:\Windows\system32\dmzdl.tmp" []
"dmcmt.tmp"="C:\Windows\system32\dmcmt.tmp" []
"dmmac.tmp"="C:\Windows\system32\dmmac.tmp" []
"dmtvy.tmp"="C:\Windows\system32\dmtvy.tmp" []
"dmxet.tmp"="C:\Windows\system32\dmxet.tmp" []
"dmagn.tmp"="C:\Windows\system32\dmagn.tmp" []
"dmkgl.tmp"="C:\Windows\system32\dmkgl.tmp" []
"dmjmh.tmp"="C:\Windows\system32\dmjmh.tmp" []
"dmbmf.tmp"="C:\Windows\system32\dmbmf.tmp" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/4/2007 5:46:48 AM]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [5/31/2007 1:46:22 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [7/8/2007 11:17:02 AM]
ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [11/29/2007 9:59:05 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-08 13:50:13 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 1013.38 MiB / 350.76 MiB
Pagefile Memory (total/avail): 2291.06 MiB / 1079.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1892.58 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 36.46 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9120822AS ATA Device - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
AS: Antispyware v () Disabled
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton 360 v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Andy\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Andy
LOCALAPPDATA=C:\Users\Andy\AppData\Local
LOGONSERVER=\\HOME-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Andy\AppData\Local\Temp
TMP=C:\Users\Andy\AppData\Local\Temp
USERDOMAIN=Home-PC
USERNAME=Andy
USERPROFILE=C:\Users\Andy
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Andy
Victoria


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
%TPPFX.SvcDesc% --> tppun.exe TPPFX
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AntiSpyware --> MsiExec.exe /X{3C74D7AA-2CF5-4F57-A8F8-73DE638D5F53}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
GearDrvs --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HP Photosmart Essential 2.5 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
ImageMixer3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{751910E3-ECF1-44D0-BF3F-2936A4424514}\setup.exe" -l0x9 UNINSTALL -removeonly
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LaCie USB2 Storage Driver --> C:\Windows\Drivers\LaCie\UNWISE.EXE C:\Windows\Drivers\LaCie\INSTALL.LOG
Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money 2006 System Pack --> MsiExec.exe /X{6FB8135C-FF1B-4772-BFA7-197F75A75AB5}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\ProgramData\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 --> MsiExec.exe /I{F413B69D-4AD6-42ab-AEA5-0548989FAD50}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SA23xx Device Manager --> C:\Program Files\InstallShield Installation Information\{144B4BF4-16CA-4FD3-A547-8A8107EF40D7}\DM_Setup.exe -runfromtemp -l0x0009 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7dedec2f\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type49838 / Error
Event Submitted/Written: 04/08/2008 01:37:31 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type49837 / Error
Event Submitted/Written: 04/08/2008 01:37:31 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type49836 / Error
Event Submitted/Written: 04/08/2008 01:37:25 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type49835 / Error
Event Submitted/Written: 04/08/2008 01:37:25 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type49834 / Error
Event Submitted/Written: 04/08/2008 01:37:25 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type58961 / Error
Event Submitted/Written: 04/08/2008 01:06:16 PM
Event ID/Source: 8003 / bowser
Event Description:
The master browser has received a server announcement from the computer NEIL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{29609C97-8AE4-400C-AAF3-6CDFCEDF09.
The master browser is stopping or an election is being forced.

Event Record #/Type58951 / Error
Event Submitted/Written: 04/08/2008 09:26:49 AM
Event ID/Source: 8003 / bowser
Event Description:
The master browser has received a server announcement from the computer NEIL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{29609C97-8AE4-400C-AAF3-6CDFCEDF09.
The master browser is stopping or an election is being forced.

Event Record #/Type58820 / Error
Event Submitted/Written: 04/08/2008 08:35:45 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type58812 / Warning
Event Submitted/Written: 04/08/2008 08:35:30 AM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type58802 / Warning
Event Submitted/Written: 04/07/2008 11:16:32 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-04-08 13:46:42 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 1:16:35 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 689209
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 102617
Number of viruses found: 1
Number of infected objects: 74
Number of suspicious objects: 0
Duration of the scan process: 01:13:38

Infected Object Name / Virus Name / Last Action
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ead68023b9e60d8f10f6ed90e896ea90_acaf8ec8-7eba-45c3-a866-1d8bb66e5794 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Victoria.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008040820080409\index.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\UsrClass.dat{4d3fba46-2ca5-11dc-9666-0016d4accbd6}.TM.blf Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\UsrClass.dat{4d3fba46-2ca5-11dc-9666-0016d4accbd6}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows\UsrClass.dat{4d3fba46-2ca5-11dc-9666-0016d4accbd6}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Andy\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Andy\AppData\Local\Temp\JETCC91.tmp Object is locked skipped
C:\Users\Andy\AppData\Local\Temp\Low\~DF7356.tmp Object is locked skipped
C:\Users\Andy\AppData\Local\Temp\Low\~DF737B.tmp Object is locked skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmabx.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmage.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmagg.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmagn.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmanz.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmatt.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmbmf.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmbvz.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmcmt.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmcmu.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmdeg.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmevb.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmfay.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmfqo.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmghj.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmgig.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmgsn.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmgsp.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmitm.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmizl.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjef.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjmh.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjnv.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjtg.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmkgl.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmksz.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmkvm.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmlzd.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmlzt.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmac.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmar.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmud.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmyz.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnau.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnby.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnrp.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnyo.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmoac.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmogv.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmopw.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmqiv.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmquj.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmqwz.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmrex.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmrgt.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmrwa.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmsng.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmtub.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmtvy.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmtxe.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmuet.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmugb.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmuwp.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmvfy.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmvug.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmvur.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmwyh.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxet.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxhk.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxxl.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxyx.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmyat.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmyfy.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmzdl.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmzhe.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmask.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmbeu.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmbyu.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmfxh.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmhms.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmnhj.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmtrb.tmp Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Windows\System32\dmldl.exe Infected: Trojan.Win32.DNSChanger.azx skipped
C:\Windows\System32\dmxvt.exe Infected: Trojan.Win32.DNSChanger.azx skipped

Scan process completed.



#2 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:07:41 AM

Posted 13 April 2008 - 01:33 AM

Hi,

Welcome to Bleeping Computer.

I'm now researching your log and will get back to you in a while.

Thank you for your patience.

Done your best? Really?


#3 ndmmxiaomayi


Posted 14 April 2008 - 04:28 AM

Hi,

Limewire is installed on your computer and I see that it's running. While Limewire is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it/them while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.



  • Please download F-Secure Blacklight and save it to your desktop.
  • Open Notepad and copy and paste the following in the Code box into Notepad:
    C:\Users\Andy\Desktop\fsbl.exe /expert

    Click on File > Save As....

    In the File Name box, copy and paste in rksearch.bat

    In the Save As Type box, select All Files from the drop-down list.

    Click Save.

    Double click on rksearch.bat to run it. Command Prompt will open, followed by Blacklight.
  • You will be shown a license agreement. Read through it and select I accept the agreement. Click Next.
  • Click on Scan.
  • Once the scan is done, close F-Secure Blacklight. Don't rename anything found!
  • A log will be produced on your desktop. It's named fsbl-XXXXXXXXXXXXXX.log, where the XXXXXXXXXXXXXX are numbers. Please post this log in your next reply.


Done your best? Really?


#4 dunbar21


Posted 14 April 2008 - 04:45 PM

As instructed, here is the fsbl log.
fsbl reported no hidden items found.


04/14/08 22:27:28 [Info]: BlackLight Engine 1.0.70 initialized
04/14/08 22:27:28 [Info]: OS: 6.0 build 6001 (Service Pack 1)
04/14/08 22:27:28 [Note]: 7019 4
04/14/08 22:27:28 [Note]: 7005 0
04/14/08 22:28:02 [Note]: 7006 0
04/14/08 22:28:02 [Note]: 7022 0
04/14/08 22:28:02 [Note]: 7027 0
04/14/08 22:28:03 [Note]: 7035 0
04/14/08 22:28:03 [Note]: 7026 0
04/14/08 22:28:03 [Note]: 7026 0
04/14/08 22:28:14 [Note]: FSRAW library version 1.7.1024
04/14/08 22:40:51 [Note]: 2000 1012
04/14/08 22:40:51 [Note]: 2000 1012
04/14/08 22:41:23 [Note]: 7007 0

#5 ndmmxiaomayi


Posted 15 April 2008 - 04:15 AM

Hi,

Before I continue, some things for you to read.

Limewire is installed on your computer. While Limewire is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.




Step 1
  • Please download the latest copy of HijackThis from Trend Micro and save it to your desktop.
  • Double click on HJTInstall.exe to install it. Click on Install. By default, it will install to C:\Program Files\Trend Micro\HijackThis.
  • Read through the License Agreement presented to you on the next screen and click on I Accept.
  • Once installed, HijackThis will start automatically. Close HijackThis.
Step 2

Please disable Spybot Teatimer temporarily as it may interfere with the fixes. You can re-enable Spybot Teatimer after your computer is clean.
  • Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
  • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
  • Click on Mode > Advanced Mode. When it prompts you, click Yes.
  • On the left hand side, click on Tools.
  • Check (tick) this box if it is not yet ticked: Resident.
  • You will notice that Resident is now added under Tools. Click on Resident.
  • Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
  • Exit Spybot Search & Destroy.
  • Restart your computer for the changes to take effect.
Step 3

Please navigate to where you installed HijackThis (by default it's in the C:\Program Files\Trend Micro\HijackThis folder).

Right click on HijackThis.exe and select Run As Administrator.

Put a check (tick) next to these lines:
O4 - HKLM\..\Run: [dmldl.exe] C:\Windows\system32\dmldl.exe
O4 - HKCU\..\Run: [dmevb.tmp] C:\Windows\system32\dmevb.tmp
O4 - HKCU\..\Run: [dmxxl.tmp] C:\Windows\system32\dmxxl.tmp
O4 - HKCU\..\Run: [dmjtg.tmp] C:\Windows\system32\dmjtg.tmp
O4 - HKCU\..\Run: [dmkvm.tmp] C:\Windows\system32\dmkvm.tmp
O4 - HKCU\..\Run: [dmnby.tmp] C:\Windows\system32\dmnby.tmp
O4 - HKCU\..\Run: [dmsng.tmp] C:\Windows\system32\dmsng.tmp
O4 - HKCU\..\Run: [dmwyh.tmp] C:\Windows\system32\dmwyh.tmp
O4 - HKCU\..\Run: [dmuet.tmp] C:\Windows\system32\dmuet.tmp
O4 - HKCU\..\Run: [dmyat.tmp] C:\Windows\system32\dmyat.tmp
O4 - HKCU\..\Run: [dmage.tmp] C:\Windows\system32\dmage.tmp
O4 - HKCU\..\Run: [dmvug.tmp] C:\Windows\system32\dmvug.tmp
O4 - HKCU\..\Run: [dmgsp.tmp] C:\Windows\system32\dmgsp.tmp
O4 - HKCU\..\Run: [dmvfy.tmp] C:\Windows\system32\dmvfy.tmp
O4 - HKCU\..\Run: [dmgsn.tmp] C:\Windows\system32\dmgsn.tmp
O4 - HKCU\..\Run: [dmoac.tmp] C:\Windows\system32\dmoac.tmp
O4 - HKCU\..\Run: [dmxhk.tmp] C:\Windows\system32\dmxhk.tmp
O4 - HKCU\..\Run: [dmlzd.tmp] C:\Windows\system32\dmlzd.tmp
O4 - HKCU\..\Run: [dmzhe.tmp] C:\Windows\system32\dmzhe.tmp
O4 - HKCU\..\Run: [dmksz.tmp] C:\Windows\system32\dmksz.tmp
O4 - HKCU\..\Run: [dmcmu.tmp] C:\Windows\system32\dmcmu.tmp
O4 - HKCU\..\Run: [dmizl.tmp] C:\Windows\system32\dmizl.tmp
O4 - HKCU\..\Run: [dmopw.tmp] C:\Windows\system32\dmopw.tmp
O4 - HKCU\..\Run: [dmogv.tmp] C:\Windows\system32\dmogv.tmp
O4 - HKCU\..\Run: [dmbvz.tmp] C:\Windows\system32\dmbvz.tmp
O4 - HKCU\..\Run: [dmghj.tmp] C:\Windows\system32\dmghj.tmp
O4 - HKCU\..\Run: [dmmar.tmp] C:\Windows\system32\dmmar.tmp
O4 - HKCU\..\Run: [dmuwp.tmp] C:\Windows\system32\dmuwp.tmp
O4 - HKCU\..\Run: [dmrex.tmp] C:\Windows\system32\dmrex.tmp
O4 - HKCU\..\Run: [dmquj.tmp] C:\Windows\system32\dmquj.tmp
O4 - HKCU\..\Run: [dmmyz.tmp] C:\Windows\system32\dmmyz.tmp
O4 - HKCU\..\Run: [dmagg.tmp] C:\Windows\system32\dmagg.tmp
O4 - HKCU\..\Run: [dmrwa.tmp] C:\Windows\system32\dmrwa.tmp
O4 - HKCU\..\Run: [dmmud.tmp] C:\Windows\system32\dmmud.tmp
O4 - HKCU\..\Run: [dmanz.tmp] C:\Windows\system32\dmanz.tmp
O4 - HKCU\..\Run: [dmlzt.tmp] C:\Windows\system32\dmlzt.tmp
O4 - HKCU\..\Run: [dmnrp.tmp] C:\Windows\system32\dmnrp.tmp
O4 - HKCU\..\Run: [dmqiv.tmp] C:\Windows\system32\dmqiv.tmp
O4 - HKCU\..\Run: [dmjef.tmp] C:\Windows\system32\dmjef.tmp
O4 - HKCU\..\Run: [dmxyx.tmp] C:\Windows\system32\dmxyx.tmp
O4 - HKCU\..\Run: [dmtxe.tmp] C:\Windows\system32\dmtxe.tmp
O4 - HKCU\..\Run: [dmvur.tmp] C:\Windows\system32\dmvur.tmp
O4 - HKCU\..\Run: [dmnau.tmp] C:\Windows\system32\dmnau.tmp
O4 - HKCU\..\Run: [dmtub.tmp] C:\Windows\system32\dmtub.tmp
O4 - HKCU\..\Run: [dmdeg.tmp] C:\Windows\system32\dmdeg.tmp
O4 - HKCU\..\Run: [dmitm.tmp] C:\Windows\system32\dmitm.tmp
O4 - HKCU\..\Run: [dmfqo.tmp] C:\Windows\system32\dmfqo.tmp
O4 - HKCU\..\Run: [dmugb.tmp] C:\Windows\system32\dmugb.tmp
O4 - HKCU\..\Run: [dmjnv.tmp] C:\Windows\system32\dmjnv.tmp
O4 - HKCU\..\Run: [dmrgt.tmp] C:\Windows\system32\dmrgt.tmp
O4 - HKCU\..\Run: [dmyfy.tmp] C:\Windows\system32\dmyfy.tmp
O4 - HKCU\..\Run: [dmabx.tmp] C:\Windows\system32\dmabx.tmp
O4 - HKCU\..\Run: [dmqwz.tmp] C:\Windows\system32\dmqwz.tmp
O4 - HKCU\..\Run: [dmatt.tmp] C:\Windows\system32\dmatt.tmp
O4 - HKCU\..\Run: [dmnyo.tmp] C:\Windows\system32\dmnyo.tmp
O4 - HKCU\..\Run: [dmgig.tmp] C:\Windows\system32\dmgig.tmp
O4 - HKCU\..\Run: [dmfay.tmp] C:\Windows\system32\dmfay.tmp
O4 - HKCU\..\Run: [dmzdl.tmp] C:\Windows\system32\dmzdl.tmp
O4 - HKCU\..\Run: [dmcmt.tmp] C:\Windows\system32\dmcmt.tmp
O4 - HKCU\..\Run: [dmmac.tmp] C:\Windows\system32\dmmac.tmp
O4 - HKCU\..\Run: [dmtvy.tmp] C:\Windows\system32\dmtvy.tmp
O4 - HKCU\..\Run: [dmxet.tmp] C:\Windows\system32\dmxet.tmp
O4 - HKCU\..\Run: [dmagn.tmp] C:\Windows\system32\dmagn.tmp
O4 - HKCU\..\Run: [dmkgl.tmp] C:\Windows\system32\dmkgl.tmp
O4 - HKCU\..\Run: [dmjmh.tmp] C:\Windows\system32\dmjmh.tmp
O4 - HKCU\..\Run: [dmbmf.tmp] C:\Windows\system32\dmbmf.tmp
O23 - Service: AntiSpyware Scanning Engine (AntiSpywareSrv) - Unknown owner - C:\Program Files\AntiSpywareApp\AntiSpyware.srv.exe

Click Fix checked. Close HijackThis.

Step 4

Please open Notepad and copy and paste the following in the Code box into Notepad:

@echo off
rem Stop and delete the AntiSpywareSrv service, then remove its program folder.
sc stop AntiSpywareSrv
sc delete AntiSpywareSrv
if exist "C:\Program Files\AntiSpywareApp" rmdir /s /q "C:\Program Files\AntiSpywareApp"
pause
rem Clear the local DNS resolver cache.
ipconfig /flushdns
pause
cls
rem Record whether the folder is still present and open the resulting log.
echo A log named check.txt will be on your desktop if Notepad doesn't open automatically.
echo Checking if folder is still present >> C:\Users\Andy\Desktop\check.txt
echo. >> C:\Users\Andy\Desktop\check.txt
dir "C:\Program Files\AntiSpywareApp" >> C:\Users\Andy\Desktop\check.txt
notepad C:\Users\Andy\Desktop\check.txt

Click on File > Save As....

In the File Name box, copy and paste in fix.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Right click on fix.bat and select Run As Administrator to run it. Command Prompt will open. Follow the prompts. When done, Notepad will open. Please post the contents of this Notepad file in your next reply.

In your next reply, please post:
  • A new HijackThis log
  • Contents of Notepad file from Step 4


Done your best? Really?
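The O4 entries selected in Step 3 can be cross-checked against the scanner detections posted earlier in the topic. The following is an added example, not part of the original posts: it uses a few sample lines copied from this thread's logs, maps per-user VirtualStore paths back to the System32 path the Run key names, and flags Run entries whose target has an unusual extension. The function names and the LAUNCHABLE extension set are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the logs in this thread (a small subset).
HJT_LINES = [
    r"O4 - HKLM\..\Run: [dmldl.exe] C:\Windows\system32\dmldl.exe",
    r"O4 - HKCU\..\Run: [dmoac.tmp] C:\Windows\system32\dmoac.tmp",
    r"O4 - HKCU\..\Run: [dmieu.tmp] C:\Windows\system32\dmieu.tmp",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
]
SCAN_LINES = [
    r"C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmoac.tmp Infected: Trojan.Win32.DNSChanger.azx skipped",
    r"C:\Windows\System32\dmldl.exe Infected: Trojan.Win32.DNSChanger.azx skipped",
    r"C:\Windows\System32\catroot2\edb.log Object is locked skipped",
]

# Assumption: extensions a Run value normally points at directly.
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd"}

O4_RE = re.compile(r"^O4 - (HK[^:]*?)\\\.\.\\Run: \[(.+?)\] (.+)$")
DETECT_RE = re.compile(r"^(.+?) Infected: (\S+) skipped$")
VSTORE_RE = re.compile(
    r"^([A-Za-z]):\\Users\\([^\\]+)\\AppData\\Local\\VirtualStore\\(.+)$",
    re.IGNORECASE,
)
# Either a quoted path, or the shortest prefix ending in ".ext" before a space/end.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.\w{2,4})(?=\s|$)')


def autorun_target(command):
    """Return the file a Run command line starts, without its arguments."""
    m = TARGET_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def devirtualize(path):
    """Map a UAC VirtualStore path to the path the program asked for.

    Returns (real_path, user); user is None when the path was not virtualized.
    """
    m = VSTORE_RE.match(path)
    if not m:
        return path, None
    return f"{m.group(1)}:\\{m.group(3)}", m.group(2)


def load_detections(scan_lines):
    """Map lower-cased real path -> set of users (None = the real location)."""
    found = {}
    for line in scan_lines:
        m = DETECT_RE.match(line.strip())
        if not m:  # "Object is locked" and other non-detection lines
            continue
        real, user = devirtualize(m.group(1))
        found.setdefault(real.lower(), set()).add(user)
    return found


def triage(hjt_lines, scan_lines):
    """Return (hive, name, target, reasons) for every Run entry worth a look."""
    detections = load_detections(scan_lines)
    findings = []
    for line in hjt_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        target = autorun_target(command)
        reasons = []
        if PureWindowsPath(target).suffix.lower() not in LAUNCHABLE:
            reasons.append("unusual-extension")
        users = detections.get(target.lower())  # Windows paths: case-insensitive
        if users is not None:
            reasons.append("detected")
            if users - {None}:
                reasons.append("virtualstore-copy")
        if reasons:
            findings.append((hive, name, target, reasons))
    return findings


if __name__ == "__main__":
    for hive, name, target, reasons in triage(HJT_LINES, SCAN_LINES):
        print(f"{hive:5} {name:12} {target}  <- {', '.join(reasons)}")
```

Environment variables such as %ProgramFiles% in a Run value are not expanded here, so such entries are compared as written.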


#6 ndmmxiaomayi


Posted 20 April 2008 - 07:45 AM

Hello,

Still there?

Done your best? Really?


#7 dunbar21


Posted 21 April 2008 - 04:25 PM

Still here...... Apologies, I've been away for a few days.

Here are the check log results
___________________________________________________________________

Checking if folder is still present

Volume in drive C has no label.
Volume Serial Number is 1AD3-0CFA

Directory of C:\Program Files\AntiSpywareApp

21/04/2008 22:16 <DIR> .
21/04/2008 22:16 <DIR> ..
02/04/2008 21:16 328,952 AntiSpyware.srv.exe
1 File(s) 328,952 bytes
2 Dir(s) 51,334,447,104 bytes free

____________________________________________________________________

& Here is HJT log after following all instructions

____________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:10, on 21/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cmd.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dmieu.tmp] C:\Windows\system32\dmieu.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EBCEA31-5084-44BE-83F8-C5E35C39DBA4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{29609C97-8AE4-400C-AAF3-6CDFCEDF0949}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EBCEA31-5084-44BE-83F8-C5E35C39DBA4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EBCEA31-5084-44BE-83F8-C5E35C39DBA4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 11085 bytes

#8 ndmmxiaomayi

  • Malware Response Team

Posted 23 April 2008 - 06:54 AM

Hi,

Step 1

Right click on HijackThis and select Do a system scan only.

Put a check (tick) next to this line:
O4 - HKCU\..\Run: [dmieu.tmp] C:\Windows\system32\dmieu.tmp
Click Fix checked. Close HijackThis.

Step 2

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Right click on OTMoveIt2.exe and select Run As Administrator to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

C:\Windows\system32\dmldl.exe
C:\Windows\system32\dmevb.tmp
C:\Windows\system32\dmxxl.tmp
C:\Windows\system32\dmjtg.tmp
C:\Windows\system32\dmkvm.tmp
C:\Windows\system32\dmnby.tmp
C:\Windows\system32\dmsng.tmp
C:\Windows\system32\dmwyh.tmp
C:\Windows\system32\dmuet.tmp
C:\Windows\system32\dmyat.tmp
C:\Windows\system32\dmage.tmp
C:\Windows\system32\dmvug.tmp
C:\Windows\system32\dmgsp.tmp
C:\Windows\system32\dmvfy.tmp
C:\Windows\system32\dmgsn.tmp
C:\Windows\system32\dmoac.tmp
C:\Windows\system32\dmxhk.tmp
C:\Windows\system32\dmlzd.tmp
C:\Windows\system32\dmzhe.tmp
C:\Windows\system32\dmksz.tmp
C:\Windows\system32\dmcmu.tmp
C:\Windows\system32\dmizl.tmp
C:\Windows\system32\dmopw.tmp
C:\Windows\system32\dmogv.tmp
C:\Windows\system32\dmbvz.tmp
C:\Windows\system32\dmghj.tmp
C:\Windows\system32\dmmar.tmp
C:\Windows\system32\dmuwp.tmp
C:\Windows\system32\dmrex.tmp
C:\Windows\system32\dmquj.tmp
C:\Windows\system32\dmmyz.tmp
C:\Windows\system32\dmagg.tmp
C:\Windows\system32\dmrwa.tmp
C:\Windows\system32\dmmud.tmp
C:\Windows\system32\dmanz.tmp
C:\Windows\system32\dmlzt.tmp
C:\Windows\system32\dmnrp.tmp
C:\Windows\system32\dmqiv.tmp
C:\Windows\system32\dmjef.tmp
C:\Windows\system32\dmxyx.tmp
C:\Windows\system32\dmtxe.tmp
C:\Windows\system32\dmvur.tmp
C:\Windows\system32\dmnau.tmp
C:\Windows\system32\dmtub.tmp
C:\Windows\system32\dmdeg.tmp
C:\Windows\system32\dmitm.tmp
C:\Windows\system32\dmfqo.tmp
C:\Windows\system32\dmugb.tmp
C:\Windows\system32\dmjnv.tmp
C:\Windows\system32\dmrgt.tmp
C:\Windows\system32\dmyfy.tmp
C:\Windows\system32\dmabx.tmp
C:\Windows\system32\dmqwz.tmp
C:\Windows\system32\dmatt.tmp
C:\Windows\system32\dmnyo.tmp
C:\Windows\system32\dmgig.tmp
C:\Windows\system32\dmfay.tmp
C:\Windows\system32\dmzdl.tmp
C:\Windows\system32\dmcmt.tmp
C:\Windows\system32\dmmac.tmp
C:\Windows\system32\dmtvy.tmp
C:\Windows\system32\dmxet.tmp
C:\Windows\system32\dmagn.tmp
C:\Windows\system32\dmkgl.tmp
C:\Windows\system32\dmjmh.tmp
C:\Windows\system32\dmbmf.tmp
C:\Windows\system32\dmieu.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmabx.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmage.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmagg.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmagn.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmanz.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmatt.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmbmf.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmbvz.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmcmt.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmcmu.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmdeg.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmevb.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmfay.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmfqo.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmghj.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmgig.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmgsn.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmgsp.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmitm.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmizl.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjef.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjmh.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjnv.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmjtg.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmkgl.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmksz.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmkvm.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmlzd.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmlzt.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmac.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmar.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmud.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmmyz.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnau.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnby.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnrp.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmnyo.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmoac.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmogv.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmopw.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmqiv.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmquj.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmqwz.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmrex.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmrgt.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmrwa.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmsng.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmtub.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmtvy.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmtxe.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmuet.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmugb.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmuwp.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmvfy.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmvug.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmvur.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmwyh.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxet.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxhk.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxxl.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmxyx.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmyat.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmyfy.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmzdl.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmzhe.tmp
C:\Users\Andy\AppData\Local\VirtualStore\Windows\System32\dmatt.tmp
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmask.tmp
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmbeu.tmp
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmbyu.tmp
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmfxh.tmp
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmhms.tmp
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmnhj.tmp
C:\Users\Victoria\AppData\Local\VirtualStore\Windows\System32\dmtrb.tmp
C:\Windows\System32\dmxvt.exe
C:\Program Files\AntiSpywareApp

Click on MoveIt! (2).

When done, click on Exit (3).

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Please choose Yes.

Please refer to this picture for using OTMoveIt.


The log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Please post this log in your next reply.

Step 3
  • Please download and install CCleaner Slim.
  • Once installed, right click on the desktop shortcut created and select Run As Administrator.
  • On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • Close CCleaner.
Step 4
  • Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  • Right click on mbam-setup.exe and select Run As Administrator to install it.
  • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  • Select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
In your next reply, please post:
  • OTMoveIt2 log
  • Malwarebytes' Anti-Malware scan report
  • A new HijackThis log

Done your best? Really?
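
The Run entry singled out in Step 1 of the reply above can be picked out of an O4 section mechanically. The following is an added example, not part of the original thread and not HijackThis code: a Python triage of registry Run lines, run over a constructed sample copied from this log. The two heuristics (the extension set and the `dm` + three-letter name shape taken from the reply's file list) and all function names are assumptions.

```python
import ntpath
import re

# Constructed sample: six O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [dmieu.tmp] C:\Windows\system32\dmieu.tmp
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""

# Registry autoruns: O4 - <hive>\..\Run: [<value name>] <command line>
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumption: extensions a Run value normally launches directly.
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd"}
# Assumption: name shape seen in the reply's file list ("dm" + three letters).
DM_NAME = re.compile(r"^dm[a-z]{3}\.(tmp|exe)$", re.IGNORECASE)


def image_path(cmd):
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: stop at the first ".ext" followed by
    # whitespace or end of line.
    m = re.match(r".*?\.\w{1,4}(?=\s|$)", cmd)
    return m.group(0) if m else cmd.split()[0]


def triage(log_text):
    """Return the O4 registry Run entries that match either heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run line (e.g. "Global Startup")
        image = image_path(m["cmd"])
        base = ntpath.basename(image)
        ext = ntpath.splitext(base)[1].lower()
        reasons = []
        if ext and ext not in PROGRAM_EXTS:
            reasons.append(f"autorun target has non-program extension {ext}")
        if DM_NAME.match(base) and "\\system32\\" in image.lower():
            reasons.append("dm???.tmp/.exe name in system32")
        if reasons:
            findings.append({"hive": m["hive"], "name": m["name"],
                             "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] {f['image']}: {'; '.join(f['reasons'])}")
```

A match marks an entry for manual review; the name pattern is specific to the files listed in this thread.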


#9 ndmmxiaomayi

  • Malware Response Team

Posted 30 April 2008 - 02:24 PM

This topic is now closed due to inactivity. If you need it re-opened, please send a message to a member of the moderating team.

This applies only to the topic starter. Everyone else please start a new topic.