
Please Help, Trojan Vundo


  • This topic is locked
10 replies to this topic

#1 Zoolander428


Posted 19 April 2008 - 03:42 AM

I managed to pick something up that I can't get rid of... please help.

Here is my DSS scan:

Deckard's System Scanner v20071014.68
Run by Zoolander on 2008-04-19 10:20:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
17: 2008-04-17 22:16:54 UTC - RP246 - Installed
16: 2008-04-16 20:30:29 UTC - RP245 - Installed Nero 8 Trial. Available with Windows Installer version 1.2 and later.
15: 2008-04-16 20:12:35 UTC - RP244 - Removed Nero 7 Essentials. Available with Windows Installer version 1.2 and later.
14: 2008-04-15 16:57:18 UTC - RP243 - Scheduled Checkpoint
13: 2008-04-14 16:27:33 UTC - RP242 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-03-27 17:36:28 UTC - RP230 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Zoolander.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:47 AM, on 4/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DVBT\DetectTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Zoolander\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Zoolander.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DetectTray] C:\Program Files\DVBT\DetectTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ZOOLAN~1\AppData\Local\Temp\mlJYpPjG.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ZOOLAN~1\AppData\Local\Temp\byXNdcDw.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\ZOOLAN~1\AppData\Local\Temp\liwnvhtd.dll",run
O4 - HKCU\..\Run: [BMb39ab7f1] Rundll32.exe "C:\Users\ZOOLAN~1\AppData\Local\Temp\ppylfuiy.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10629 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 VUALFDrv (SONIX Audio Filter Driver) - \??\c:\windows\system32\drivers\vualfdrv.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2AF9DD25&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2AF9DD25&0
Service: i8042prt

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2AF9DD25&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2AF9DD25&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-04-19 10:11:14 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{F785F2D9-2064-4505-B4F2-DB6C939461D8}.job
2008-04-14 20:02:08 488 --a------ C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Zoolander.job


-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-19 10:08:47 0 d-------- C:\Program Files\Trend Micro
2008-04-18 07:42:03 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-18 00:17:28 0 d-------- C:\Users\All Users\Lavasoft
2008-04-18 00:17:28 0 d-------- C:\Program Files\Lavasoft
2008-04-16 22:07:39 0 d-a------ C:\Users\All Users\TEMP
2008-04-12 17:29:18 0 d-------- C:\Program Files\uTorrent
2008-04-09 20:55:33 0 d-------- C:\Users\Zoolander\Funny
2008-04-08 13:46:36 0 d-------- C:\Program Files\iPod
2008-04-08 13:46:33 0 d-------- C:\Program Files\iTunes
2008-04-08 13:44:53 0 d-------- C:\Program Files\QuickTime
2008-04-01 16:51:19 0 d-------- C:\Program Files\LimeWire


-- Find3M Report ---------------------------------------------------------------

2008-04-19 09:58:16 0 d-------- C:\Users\Zoolander\AppData\Roaming\Skype
2008-04-19 09:56:59 0 d-------- C:\Users\Zoolander\AppData\Roaming\skypePM
2008-04-18 00:16:45 0 d-------- C:\Program Files\Common Files
2008-04-18 00:14:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 00:03:59 0 d-------- C:\Users\Zoolander\AppData\Roaming\Symantec
2008-04-16 21:43:28 0 d-------- C:\Users\Zoolander\AppData\Roaming\WinRAR
2008-04-15 23:30:10 0 d-------- C:\Users\Zoolander\AppData\Roaming\uTorrent
2008-04-12 22:28:21 0 d-------- C:\Users\Zoolander\AppData\Roaming\???????sAppData
2008-04-12 20:28:05 0 d-------- C:\Users\Zoolander\AppData\Roaming\LimeWire
2008-04-09 18:28:16 0 d-------- C:\Program Files\Windows Mail
2008-04-01 16:47:50 0 d-------- C:\Program Files\World of Warcraft
2008-03-08 03:19:47 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 03:30:41 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/14/2007 10:01 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 07:59 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/14/2007 10:50 PM C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [03/14/2007 01:55 AM C:\Windows\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 08:11 AM]
"NWEReboot"="" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10/10/2007 07:28 AM]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [07/23/2006 03:22 AM]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/06/2007 09:00 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11/06/2007 09:00 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11/06/2007 09:00 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/12/2008 04:04 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"DetectTray"="C:\Program Files\DVBT\DetectTray.exe" [01/18/2007 02:18 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 02:36 PM]
"MSServer"="C:\Users\ZOOLAN~1\AppData\Local\Temp\mlJYpPjG.dll,#1" []
"cmds"="C:\Users\ZOOLAN~1\AppData\Local\Temp\byXNdcDw.dll,c" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"MS Juan"="C:\Users\ZOOLAN~1\AppData\Local\Temp\liwnvhtd.dll,run" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 11:44:06 AM]
VOIP080.lnk - C:\Program Files\Philips\VOIP080\VOIP080.exe [4/3/2007 11:16:30 AM]
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [1/27/2008 1:23:31 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-19 10:26:55 ------------


#2 Zoolander428


Posted 19 April 2008 - 03:45 AM

Info from the other DSS log...

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5200+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 3070.63 MiB / 1973.46 MiB
Pagefile Memory (total/avail): 6324.03 MiB / 5182 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.34 MiB

C: is Fixed (NTFS) - 298.09 GiB total, 191.63 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST332062 0AS SCSI Disk Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.09 GiB - C:

\\.\PHYSICALDRIVE1 - IN-WIN CF Card USB Device

\\.\PHYSICALDRIVE2 - IN-WIN MS Card USB Device

\\.\PHYSICALDRIVE4 - IN-WIN SD Card USB Device

\\.\PHYSICALDRIVE3 - IN-WIN SM Card USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton AntiVirus v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Zoolander\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ZOOLANDER-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Zoolander
LOCALAPPDATA=C:\Users\Zoolander\AppData\Local
LOGONSERVER=\\ZOOLANDER-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ZOOLAN~1\AppData\Local\Temp
TMP=C:\Users\ZOOLAN~1\AppData\Local\Temp
USERDOMAIN=Zoolander-PC
USERNAME=Zoolander
USERPROFILE=C:\Users\Zoolander
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Zoolander


-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
BitTorrent 5.0.7 --> "C:\Program Files\BitTorrent\uninstall.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
D-Link DWA-111 Wireless G USB Adapter --> C:\Program Files\InstallShield Installation Information\{12556CE0-804A-40B7-8054-BD666764ED36}\Setup.exe -runfromtemp -l0x0009 -removeonly
DVBT --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}\setup.exe" -l0x9 -removeonly
DVBT Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{115C3431-11CA-4917-B498-4CA1FF2AD06D} /l1033
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech G11 Keyboard Software 1.03 --> MsiExec.exe /X{77A1C7DD-E4F6-4057-92FC-710219215987}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\nvunrm.exe UninstallGUI
PrimoPDF --> "C:\Windows\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
The Rosetta Stone --> C:\Windows\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
TurboTax Basic 2006 --> C:\Program Files\TurboTax\Basic 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VOIP080 --> MsiExec.exe /X{5491307B-D2EB-442B-A420-280A3BCF51DF}
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type22217 / Success
Event Submitted/Written: 04/19/2008 09:55:28 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type22216 / Success
Event Submitted/Written: 04/19/2008 09:55:24 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type22209 / Success
Event Submitted/Written: 04/19/2008 09:55:09 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type22189 / Warning
Event Submitted/Written: 04/19/2008 09:53:40 AM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Event Record #/Type22186 / Warning
Event Submitted/Written: 04/19/2008 09:53:39 AM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type52673 / Error
Event Submitted/Written: 04/19/2008 09:54:25 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 14, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type52672 / Error
Event Submitted/Written: 04/19/2008 09:54:25 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 13, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type52671 / Error
Event Submitted/Written: 04/19/2008 09:54:25 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type52670 / Error
Event Submitted/Written: 04/19/2008 09:54:25 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0.
Please contact your system vendor for technical assistance.

Event Record #/Type52669 / Error
Event Submitted/Written: 04/19/2008 09:54:25 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 10, function 0.
Please contact your system vendor for technical assistance.



-- End of Deckard's System Scanner: finished at 2008-04-19 10:26:55 ------------

#3 Zoolander428

Posted 19 April 2008 - 06:09 AM

Computer scan from Kaspersky. Thank you in advance for your help.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 1:05:59 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715149
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 90611
Number of viruses found: 3
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 00:58:50

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\gun9.34.exe Infected: Backdoor.Win32.SdBot.doh skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\hgGWPfFW.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\NER8380.tmp\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\NERA8E5.tmp\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\Nero 8 Ultra v 8.3.2.1.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\Nero 8 Ultra v 8.3.2.1.exe 7-Zip: infected - 1 skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\NERO14399\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp0000c62e Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp0000cdee Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp0000e1f3 Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp0000e86c Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp0000f973 Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp00010b74 Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp00011335 Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp000129e9 Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp00015733 Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Users\ZOOLAN~1\AppData\Local\Temp\tmp0001acb6 Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-181246-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071008-181256-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071009-181652-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071009-181702-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071010-175622-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071010-175634-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-183354-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071011-183414-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-002802-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-002813-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-162439-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071012-162449-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071019-175723-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071019-175735-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-231203-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071024-231215-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071025-190652-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071025-190701-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071028-194245-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071028-194258-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071029-222445-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071029-222456-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071030-234853-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071030-234904-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071101-013915-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071101-013926-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071101-224131-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071101-224141-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071105-181217-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071105-181229-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071105-215619-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071105-215629-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071106-171250-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071106-171301-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071107-085743-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071107-085752-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071216-094936-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071216-094950-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-194513-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-194523-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-202817-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-202830-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080107-184240-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080107-184249-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080108-184510-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080108-184521-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-220122-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080109-220133-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080111-183307-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080111-183326-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080111-194630-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080111-194640-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080112-033422-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080112-033434-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080113-032624-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080113-032636-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080114-175338-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080114-175356-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-064554-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-064608-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-172728-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-172740-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080116-181601-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080116-181614-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080118-170059-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080118-170110-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-104423-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-104435-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-154617-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-154629-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080120-095938-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080120-095950-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-185140-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-185153-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080122-191948-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080122-192001-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080124-173738-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080124-173750-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080125-174354-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080125-174410-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-123226-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-123244-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-151013-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-151028-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-175535-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-175555-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080129-174243-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080129-174255-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080130-073826-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080130-073838-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080130-190203-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080130-190216-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080131-165747-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080131-165801-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080201-163751-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080201-163806-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080207-145933-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080207-145947-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080207-224057-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080207-224109-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080208-144752-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080208-144804-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080209-175102-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080209-175116-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080210-151723-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080210-151734-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-180826-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-180838-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-174158-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-174210-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-171544-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-171621-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-112629-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-112653-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-174934-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080214-174950-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-200837-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-200849-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-221910-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-221924-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-141503-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-141516-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-145318-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080217-145331-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-023927-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-023942-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-193258-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-193313-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-203823-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080221-203836-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080222-171341-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080222-171354-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080223-133003-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080223-133016-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080224-140836-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080224-140854-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-181623-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-181637-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-082437-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-082450-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080304-205503-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080304-205518-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080306-182244-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080306-182300-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080307-174450-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080307-174513-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080308-032204-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080308-032217-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-112257-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-112404-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-120240-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-120253-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080326-174620-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080326-174635-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080327-171549-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080327-171647-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080328-224926-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080328-224940-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-074901-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-074916-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080331-184932-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080331-184946-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080401-165444-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080401-165500-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080402-182020-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080402-182034-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080403-075232-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080403-075259-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080403-161138-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080403-161150-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080404-100137-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080404-100151-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080407-163802-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080407-163817-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080408-175818-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080408-175833-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080409-184615-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080409-184629-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080410-180541-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080410-180556-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080411-080341-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080411-080357-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080411-171609-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080411-171637-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080412-015152-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080412-015206-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080412-170545-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080412-170600-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080413-140350-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080413-140719-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080413-152320-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080413-152335-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080414-180533-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080414-180549-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080415-071125-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080415-071139-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080415-180903-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080415-180920-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080416-191541-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080416-191556-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080416-222014-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080416-222053-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080416-225608-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080416-225636-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080417-001545-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080417-002106-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080417-181718-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080417-181846-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080417-235733-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080417-235850-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080418-010959-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080418-011329-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080418-235216-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080418-235338-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080419-101021-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080419-101049-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpSigStub.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\Norton_SPALOG_1_11_2008_2086156.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\Norton_SPALOG_9_24_2007_2335468.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\Norton_SPALOG_9_24_2007_392343.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\QTInstallCode.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_I_10.1.5.4.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_I_10.2.1.8.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_I_10.2.2.6.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_U_(1)10.1.5.4.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_U_(1)10.2.1.8.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_MSI_U_10.1.4.2.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_Setup10.1.5.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_Setup_10.2.1.8.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SRTSP_Setup_10.2.2.6.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\srtUnin.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SYMEVENT.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_DX.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_KernelLog.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_StorageAsmt.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wmsetup.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-04-19_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\UsrClass.dat{d6ece778-d9cb-11db-93d7-001617d49231}.TM.blf Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\UsrClass.dat{d6ece778-d9cb-11db-93d7-001617d49231}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows\UsrClass.dat{d6ece778-d9cb-11db-93d7-001617d49231}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Zoolander\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Zoolander\AppData\Local\Mozilla\Firefox\Profiles\lqrg6f2z.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Zoolander\AppData\Local\Mozilla\Firefox\Profiles\lqrg6f2z.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Zoolander\AppData\Local\Mozilla\Firefox\Profiles\lqrg6f2z.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Zoolander\AppData\Local\Mozilla\Firefox\Profiles\lqrg6f2z.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Zoolander\AppData\Local\Temp\mlJYpPjG.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mhf skipped

Scan process completed.

#4 ken545

Malware Response Team

Posted 28 April 2008 - 12:04 PM

Hello Zoolander428

Welcome to the Bleeping Computer Malware Removal Forum. Let's do a few things.


Download Trend Micro's HijackThis to your desktop.
Double-click it to install.
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit > Select All, then Edit > Copy, and Paste the new log into this thread by using Post Reply, not by starting a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.





Download VundoFix to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.



Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot-up.



I need to see the reports from VundoFix, Malwarebytes and a HijackThis log AFTER you run both these programs.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#5 Zoolander428


Posted 29 April 2008 - 03:26 PM

Thank you Ken for your help. I ran VundoFix and it found nothing. I ran Malwarebytes' program and it found a few files and some registry keys, one associated with "MSserver." I did not run ATF as I am on Vista and your post stated it is only for XP/2000. My logs are below. Unfortunately, "travel season" is about to begin for me, and I'll be away for a while - so please accept my apologies in advance if I do not reply further for about 2 weeks. I will have access to the forum, but not to the infected computer.

Further info - NortonAV has found Vundo files on various occasions and removed them. They return later. I have not been able to associate its reappearance with any specific event (ex. restarting, running certain program...). My computer does not seem to suffer any performance issues, but Vundo was still a recurring problem (this is prior to running the programs you have suggested). Again, thank you for your help.

Here is my HJT log, followed by Malwarebytes'.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:41 PM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DetectTray] C:\Program Files\DVBT\DetectTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9620 bytes


Malwarebytes' Anti-Malware 1.11
Database version: 697

Scan type: Quick Scan
Objects scanned: 31749
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 ken545


Posted 29 April 2008 - 05:27 PM

Zoolander428,

No problem on the replies, I will keep this open for you but an administrator may close it; if it is closed, just PM me and I will reopen it.

I was at a Summit with the man that wrote ATF Cleaner and he said it works on Vista. I have had a few other posters run it with no problems.

When you can, do this.


Download ComboFix from Here or Here to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.



1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net.

2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when ComboFix has completely finished, then restart your computer to restore back the connections.
3. Now double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.




C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <-- Right-click on HijackThis.exe (looks like a man with a spyglass), rename it to Scanner.exe, and post a new HJT log.




#7 Zoolander428


Posted 19 May 2008 - 11:20 AM

ComboFix Log
ComboFix 08-05-15.3 - Zoolander 2008-05-19 18:09:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1925 [GMT 2:00]
Running from: C:\Users\Zoolander\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Zoolander\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-04-29 21:49 . 2008-04-29 21:49 <DIR> d-------- C:\Users\Zoolander\AppData\Roaming\Malwarebytes
2008-04-29 21:49 . 2008-04-29 21:49 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-29 21:49 . 2008-04-29 21:49 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-29 21:49 . 2008-04-29 21:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 19:33 . 2008-04-24 19:33 <DIR> d-------- C:\Users\All Users\vsosdk
2008-04-24 19:33 . 2008-04-24 19:33 <DIR> d-------- C:\ProgramData\vsosdk
2008-04-24 18:55 . 2008-04-24 20:05 <DIR> d-------- C:\Users\Zoolander\AppData\Roaming\Vso
2008-04-24 18:55 . 2008-04-24 18:55 <DIR> d-------- C:\Program Files\VSO
2008-04-24 18:55 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-04-24 18:55 . 2006-05-20 16:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-04-24 18:55 . 2006-05-11 19:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-04-24 18:55 . 2006-09-29 12:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-04-24 18:55 . 2006-09-29 12:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-04-24 18:55 . 2006-09-29 12:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-04-24 18:55 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-04-24 18:55 . 2008-04-24 18:55 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-04-24 18:55 . 2008-04-24 18:55 47,360 --a------ C:\Users\Zoolander\AppData\Roaming\pcouffin.sys
2008-04-19 18:38 . 2008-04-19 18:38 <DIR> d-------- C:\VundoFix Backups
2008-04-19 10:37 . 2008-04-19 10:37 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-19 10:19 . 2008-04-19 10:19 <DIR> d-------- C:\Deckard
2008-04-19 10:08 . 2008-04-19 10:08 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 15:57 --------- d-----w C:\Users\Zoolander\AppData\Roaming\Skype
2008-05-19 15:36 --------- d-----w C:\Users\Zoolander\AppData\Roaming\skypePM
2008-05-18 22:28 --------- d-----w C:\Program Files\Windows Mail
2008-05-18 22:27 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-18 10:17 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 05:59 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-18 05:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-17 22:18 --------- d-----w C:\ProgramData\Lavasoft
2008-04-17 22:17 --------- d-----w C:\Program Files\Lavasoft
2008-04-17 22:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 22:03 --------- d-----w C:\Users\Zoolander\AppData\Roaming\Symantec
2008-04-16 20:50 --------- d---a-w C:\ProgramData\TEMP
2008-04-15 21:30 --------- d-----w C:\Users\Zoolander\AppData\Roaming\uTorrent
2008-04-12 20:28 --------- d-----w C:\Users\Zoolander\AppData\Roaming\???????sAppData
2008-04-12 18:28 --------- d-----w C:\Users\Zoolander\AppData\Roaming\LimeWire
2008-04-12 15:29 --------- d-----w C:\Program Files\uTorrent
2008-04-08 11:46 --------- d-----w C:\Program Files\iTunes
2008-04-08 11:46 --------- d-----w C:\Program Files\iPod
2008-04-08 11:45 --------- d-----w C:\Program Files\QuickTime
2008-04-01 14:51 --------- d-----w C:\Program Files\LimeWire
2008-04-01 14:47 --------- d-----w C:\Program Files\World of Warcraft
2008-03-25 10:35 --------- d-----w C:\ProgramData\Symantec
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-01-11 17:48 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-11 17:48 32 ----a-w C:\ProgramData\ezsid.dat
2007-08-29 08:10 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 04:04 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"DetectTray"="C:\Program Files\DVBT\DetectTray.exe" [2007-01-18 14:18 143360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-14 10:01 1006264]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 22:50 4399104 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-14 01:55 1822720 C:\Windows\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 08:11 132496]
"NWEReboot"="" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 03:22 1126400]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [ ]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-06 21:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-06 21:00 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-06 21:00 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 11:44:06 29696]
VOIP080.lnk - C:\Program Files\Philips\VOIP080\VOIP080.exe [2007-04-03 11:16:30 663552]
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-01-27 13:23:31 15519744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-08 02:18 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 15:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9978204-FF4A-4995-8023-8A82986CFDA8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4A4C1FD7-86F0-43BF-9FAF-E1A6C2C5814E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B801A19D-4C71-4EAF-8C7F-BCB77D4BC6C7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{80B19F69-A8CB-4BDE-A05C-8375BE8B3A33}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{D2B01B5E-670E-4EE0-B750-BDFF78EC4BB4}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{896AA015-A41B-4969-8AB7-9042C0CAF4D9}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{390FFC4F-FA98-4B6D-AA45-535526AD7DE4}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{90E6B004-B3AD-4991-87BE-0E121FEB6C26}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{93E49C1E-40F2-4832-8261-FA773560D6E7}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0D3BEA42-6E4D-4227-9C25-529C55CD5114}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{FBC7B6AA-832E-4122-9C57-4096E676B29A}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3BBA78C8-C677-481E-81A2-83BC42A07F90}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{834DD0AD-640C-4FC2-9A14-B01440787F05}"= UDP:C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:TurboTax
"{7CD9203E-D126-49A6-ADA7-B80E5C9E04D7}"= TCP:C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:TurboTax
"{BCC5E58B-23CA-4A74-9905-1D8C33B318C3}"= UDP:C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{771D50C0-20F1-4C22-8C6A-31F03B2278D0}"= TCP:C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{BEA47DA8-A1E3-4EA0-AD97-85B4DC182957}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{FE01D861-AF4F-4F96-BC61-7AB80C525C4C}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{0BADA1B3-D2F0-41D0-BFB9-0ECEF36A8F29}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{26D9E462-FFA4-4346-BA84-F052F6881211}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B02E952A-281F-4D50-BB19-394F3A22ECB4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DE6B860A-3C15-464C-B20C-0D5CAF98D2E6}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{F9CEBC74-2CDD-4AC4-9DED-474DB5A1B2C9}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{0CB26D4E-AE3E-403C-99CE-70D534510FF7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E783E871-AAA1-446E-A2C7-0DA9839FFFF2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{18CD5663-897F-4984-931B-EF8A95769D30}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C4C05A06-A4D2-46B8-B9AF-AB568E8164C4}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{BDDF7FA7-B901-4A19-934B-1140DB83FD82}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{C508DA5F-6D44-4439-8C57-89230AC7F089}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{023B0CDB-6E50-48D9-A9D0-1CACECC0795E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9438D850-14ED-4BD8-BCEB-07D4FDF1E7D2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080513.001\IDSvix86.sys [2008-02-13 18:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 23:38]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-31 03:55]
R3 VUALFDrv;SONIX Audio Filter Driver;C:\Windows\System32\Drivers\VUALFDrv.sys [2007-02-01 17:51]
S3 EC168BDA;EC168BDA service;C:\Windows\system32\DRIVERS\EC168BDA.sys [2007-04-27 05:01]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 10:01]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-28 20:42:58 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Zoolander.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-19 15:52:16 C:\Windows\Tasks\User_Feed_Synchronization-{F785F2D9-2064-4505-B4F2-DB6C939461D8}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 18:11:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-19 18:12:21
ComboFix-quarantined-files.txt 2008-05-19 16:11:49
ComboFix2.txt 2008-04-21 17:58:11

Pre-Run: 197,053,693,952 bytes free
Post-Run: 198,352,961,536 bytes free

199 --- E O F --- 2008-05-18 22:28:05



HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:41 PM, on 5/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DVBT\DetectTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DetectTray] C:\Program Files\DVBT\DetectTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9589 bytes

#8 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:07:10 PM

Posted 19 May 2008 - 12:14 PM

Hello,

Welcome back. :blink:

Viewpoint installs without your knowledge or consent, uses system resources and basically is a useless program.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Uninstall it via Add/Remove Programs in the Control Panel.

C:\Program Files\Viewpoint <---Delete this folder

The rest of your log looks fine :thumbsup: How are things running now??

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#9 Zoolander428


Posted 20 May 2008 - 11:48 AM

Thanks for the quick reply! Everything seems to be good now, HDD activity back to normal, no more "threat" alerts from S&D or Norton. I definitely appreciate the help, if it wasn't for the support from you volunteers, I'd be stuck reformatting. And with my software CD/DVD's in another country, it makes a big difference! Donation on the way - just may be a few days.

#10 ken545


Posted 20 May 2008 - 12:20 PM

Glad things are better for you :thumbsup:

Read these links that have been written by the wonderful people in the Malware Removal Community for helping to keep your system more secure.


Safe Surfn
Ken



#11 ken545


Posted 31 May 2008 - 10:07 PM

Since this issue appears to be resolved this thread will now be closed. Thank you for using Bleeping Computer.





