
Keep Getting System Integrity Scan Wizard Pop Up


  • This topic is locked
8 replies to this topic

#1 ConfusedDude


Posted 30 April 2008 - 08:55 PM

The pop-up "System Integrity Scan Wizard" keeps popping up. I don't really know much about computers and I would really appreciate it if you can help me. Another pop-up is there as well, which I guess I'll tell you guys about too since I'm here. It's red and says "Security System Warning.. Alert details: File: C:/Windows/wml.exe Threat:Abebot"

Deckard's System Scanner v20071014.68
Run by Cole on 2008-04-30 21:32:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2008-05-01 00:44:38 UTC - RP314 - Windows Update
11: 2008-04-28 17:12:50 UTC - RP313 - Scheduled Checkpoint
10: 2008-04-28 00:48:47 UTC - RP312 - Scheduled Checkpoint
9: 2008-04-25 22:38:48 UTC - RP311 - Scheduled Checkpoint
8: 2008-04-24 19:36:45 UTC - RP310 - Windows Update


-- First Restore Point --
1: 2008-04-10 07:00:43 UTC - RP303 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 895 MiB (1024 MiB recommended).


-- HijackThis (run as Cole.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:06 PM, on 4/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\hykzakjc\sbwfujgf.exe
C:\ProgramData\ahqxefmh\avcjmbmp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0F18ZD1\dss[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Cole.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [hykzakjc] C:\ProgramData\hykzakjc\sbwfujgf.exe
O4 - HKCU\..\Run: [MYOmq5kORU] C:\ProgramData\ahqxefmh\avcjmbmp.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ssqOEUlj.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c
O4 - HKCU\..\Run: [eaac03bc] rundll32.exe "C:\Users\Cole\AppData\Local\Temp\xicxllsu.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.171.166.231/activex/AxisCamControl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11019 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DNADownloader - c:\program files\gamespot\downloadmanager_win32.exe <Not Verified; CNET Networks; GameSpot Download Manager>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-30 20:57:22 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{6819DA29-98D2-4650-891D-DAFE2B5DFDF4}.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 21:40:37 0 d-------- C:\Program Files\Trend Micro
2008-04-30 20:04:16 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-30 19:36:50 0 d-------- C:\Users\All Users\ahqxefmh
2008-04-30 19:36:49 0 d-------- C:\Users\All Users\hykzakjc


-- Find3M Report ---------------------------------------------------------------

2008-04-18 21:48:03 0 d-------- C:\Program Files\LimeWire
2008-04-18 18:35:29 0 d-------- C:\Users\Cole\AppData\Roaming\LimeWire
2008-04-10 03:13:35 0 d-------- C:\Program Files\Windows Mail
2008-04-08 21:22:17 5430 --a------ C:\Users\Cole\AppData\Roaming\wklnhst.dat
2008-04-06 19:00:08 0 d-------- C:\Users\Cole\AppData\Roaming\Macromedia
2008-04-02 23:59:49 174 --ahs---- C:\Program Files\desktop.ini
2008-04-02 23:35:20 0 d-------- C:\Program Files\Windows Calendar
2008-04-02 23:35:18 0 d-------- C:\Program Files\Windows Sidebar
2008-04-02 23:35:18 0 d-------- C:\Program Files\Movie Maker
2008-04-02 23:35:15 0 d-------- C:\Program Files\Windows Collaboration
2008-04-02 23:35:14 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-02 23:35:05 0 d-------- C:\Program Files\Windows Defender
2008-03-13 21:32:51 0 d-------- C:\Program Files\Picasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 09:42 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 11:16 AM]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [07/11/2006 09:12 PM]
"RtHDVCpl"="RtHDVCpl.exe" [11/09/2006 06:57 AM C:\Windows\RtHDVCpl.exe]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [11/08/2006 03:52 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 03:11 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/24/2006 05:08 PM]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [10/24/2006 03:19 AM]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [10/26/2006 07:18 PM]
"@"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 09:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 07:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 03:33 AM]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [11/16/2006 06:59 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 08:45 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/20/2007 11:21 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 09:23 PM]
"hykzakjc"="C:\ProgramData\hykzakjc\sbwfujgf.exe" [04/30/2008 07:36 PM]
"MYOmq5kORU"="C:\ProgramData\ahqxefmh\avcjmbmp.exe" [04/30/2008 07:36 PM]
"MSServer"="C:\Users\Cole\AppData\Local\Temp\ssqOEUlj.dll,#1" []
"cmds"="C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c" []
"eaac03bc"="C:\Users\Cole\AppData\Local\Temp\xicxllsu.dll,b" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [7/10/2007 2:17:16 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe [1/19/2007 12:18:21 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a30d0915-c070-11db-9f01-806e6f6e6963}]
AutoRun\command- E:\autorun.exe
directx\command- E:\DirectX9\dxsetup.exe
setup\command- E:\setup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-30 21:45:26 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 894.58 MiB / 306.45 MiB
Pagefile Memory (total/avail): 2055.5 MiB / 709.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1888.13 MiB

C: is Fixed (NTFS) - 106.01 GiB total, 35.69 GiB free.
D: is Fixed (NTFS) - 5.78 GiB total, 0.88 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3120213AS ATA Device - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 106.01 GiB - C:
\PARTITION1 - Installable File System - 5.78 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Cole\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COLE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Cole
LOCALAPPDATA=C:\Users\Cole\AppData\Local
LOGONSERVER=\\COLE-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\ATI Technologies\ATI.ACE;c:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Presario
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Cole\AppData\Local\Temp
TMP=C:\Users\Cole\AppData\Local\Temp
USERDOMAIN=Cole-PC
USERNAME=Cole
USERPROFILE=C:\Users\Cole
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Cole


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
--> "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Age of Empires III --> C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B755EF7-F860-4F72-9A2D-5216CB48BA7C}\setup.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66E0EB37-6024-4872-897A-8E83AF1C87CA}\setup.exe" -l0x9
ATI Catalyst Control Center Ex --> MsiExec.exe /I{D8ED8FEC-0FAA-F0C2-0008-7830DE40AF86}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Compaq Connections (remove only) --> C:\Windows\HPCPCUninstall-3572475\HPBWSetup.exe -appid 3572475 -uninstall
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Play --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Empire Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Empire Earth - The Art of Conquest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x9
Empire Earth II Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03814958-6B1C-43FE-A6D4-D49EA1E5D524}\setup.exe" -l0x9 -removeonly
Empire Earth III --> C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Empire Earth III Public Demo --> C:\Program Files\InstallShield Installation Information\{E80447AF-A31E-4F0C-9690-805284F9C45D}\setup.exe -runfromtemp -l0x0009 -removeonly
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor --> MsiExec.exe /X{0373779B-A362-4B2E-B8E9-7442F19F9394}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Instant Wireless USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}\setup.exe" -l0x9
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PlayNC Launcher --> C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warcraft III --> C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6320 / Error
Event Submitted/Written: 04/30/2008 07:48:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module xicxllsu.dll, version 0.0.0.0, time stamp 0x89bb30c9, exception code 0xc0000005, fault offset 0x000036a9,
process id 0x6cc, application start time 0xExplorer.EXE0.

Event Record #/Type6319 / Warning
Event Submitted/Written: 04/29/2008 10:18:42 PM
Event ID/Source: 5612 / WinMgmt
Event Description:
HandleCount409740965832

Event Record #/Type6310 / Warning
Event Submitted/Written: 04/27/2008 10:17:21 PM
Event ID/Source: 5612 / WinMgmt
Event Description:
HandleCount409740965592

Event Record #/Type6300 / Error
Event Submitted/Written: 04/26/2008 08:34:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program age3.exe version 4.107.803.3365 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c3c
Start Time: 01c8a7f48e562c10
Termination Time: 629

Event Record #/Type6294 / Warning
Event Submitted/Written: 04/26/2008 07:16:12 PM
Event ID/Source: 5612 / WinMgmt
Event Description:
HandleCount410040964364



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42002 / Warning
Event Submitted/Written: 04/30/2008 09:41:34 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Cole-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Cole-PC27 can't undo changes that you allow.

For more information please see the following:
%Cole-PC275

Scan ID: {A517AC14-5EFB-4C40-BE1A-9CADF5EF8441}

User: Cole-PC\Cole

Name: %Cole-PC271

ID: %Cole-PC272

Severity ID: %Cole-PC273

Category ID: %Cole-PC274

Path Found: %Cole-PC276

Alert Type: %Cole-PC278

Detection Type: 1.1.1600.02

Event Record #/Type42001 / Warning
Event Submitted/Written: 04/30/2008 09:41:34 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Cole-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Cole-PC27 can't undo changes that you allow.

For more information please see the following:
%Cole-PC275

Scan ID: {78D1553A-4D82-4357-9161-A48B2B386C23}

User: Cole-PC\Cole

Name: %Cole-PC271

ID: %Cole-PC272

Severity ID: %Cole-PC273

Category ID: %Cole-PC274

Path Found: %Cole-PC276

Alert Type: %Cole-PC278

Detection Type: 1.1.1600.02

Event Record #/Type42000 / Warning
Event Submitted/Written: 04/30/2008 09:41:34 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Cole-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Cole-PC27 can't undo changes that you allow.

For more information please see the following:
%Cole-PC275

Scan ID: {FE43D103-FB58-4456-9321-553D144166EF}

User: Cole-PC\Cole

Name: %Cole-PC271

ID: %Cole-PC272

Severity ID: %Cole-PC273

Category ID: %Cole-PC274

Path Found: %Cole-PC276

Alert Type: %Cole-PC278

Detection Type: 1.1.1600.02

Event Record #/Type41999 / Warning
Event Submitted/Written: 04/30/2008 09:41:34 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Cole-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Cole-PC27 can't undo changes that you allow.

For more information please see the following:
%Cole-PC275

Scan ID: {E8FECDEA-D25C-4EBB-AB38-E83A11F31D6C}

User: Cole-PC\Cole

Name: %Cole-PC271

ID: %Cole-PC272

Severity ID: %Cole-PC273

Category ID: %Cole-PC274

Path Found: %Cole-PC276

Alert Type: %Cole-PC278

Detection Type: 1.1.1600.02

Event Record #/Type41997 / Error
Event Submitted/Written: 04/30/2008 09:35:34 PM
Event ID/Source: 7 / disk
Event Description:
The device, \Device\Harddisk0\DR0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-04-30 21:45:26 ------------



Thanks again!!!


#2 steamwiz

Posted 01 May 2008 - 03:15 PM

Hi

Disconnect from the internet and close ALL browser windows (including this one). Run HijackThis and tick (check the box next to) each entry in the list below. When all are ticked (checked), click the Fix Checked button at the bottom:

O4 - HKCU\..\Run: [hykzakjc] C:\ProgramData\hykzakjc\sbwfujgf.exe
O4 - HKCU\..\Run: [MYOmq5kORU] C:\ProgramData\ahqxefmh\avcjmbmp.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ssqOEUlj.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c
O4 - HKCU\..\Run: [eaac03bc] rundll32.exe "C:\Users\Cole\AppData\Local\Temp\xicxllsu.dll",b


Reboot ... then find & delete :-

C:\ProgramData\hykzakjc ... folder
C:\ProgramData\ahqxefmh ... folder
C:\Users\All Users\ahqxefmh ... folder
C:\Users\All Users\hykzakjc ... folder

Then please run these scans ...

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt
&

Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
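The five Run entries flagged in the reply above can be cross-checked against the other logs posted in this thread (the Explorer.EXE crash in the Application Event Log and the Kaspersky report). The following is an added example, not part of the original posts and not a HijackThis feature; the reason labels, the heuristics and the final HKLM sample line are assumptions made for the illustration.

```python
import re
from ntpath import basename  # Windows path handling that also works on non-Windows hosts

# O4 lines quoted from post #2; the final HKLM line is constructed for contrast.
HJT_LINES = r"""
O4 - HKCU\..\Run: [hykzakjc] C:\ProgramData\hykzakjc\sbwfujgf.exe
O4 - HKCU\..\Run: [MYOmq5kORU] C:\ProgramData\ahqxefmh\avcjmbmp.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ssqOEUlj.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c
O4 - HKCU\..\Run: [eaac03bc] rundll32.exe "C:\Users\Cole\AppData\Local\Temp\xicxllsu.dll",b
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example Vendor\tray.exe" /startup
""".strip().splitlines()

# Excerpt of Application Event Log record 6320 from post #1.
APP_ERROR = ("Faulting application Explorer.EXE, version 6.0.6001.18000, "
             "time stamp 0x47918e5d, faulting module xicxllsu.dll, version 0.0.0.0,")

# Lines from the Kaspersky report in post #3 (two detections, one locked object).
KAV_LINES = r"""
C:\Deckard\System Scanner\backup\Users\Cole\AppData\Local\Temp\ssqOEUlj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\Deckard\System Scanner\backup\Users\Cole\AppData\Local\Temp\xicxllsu.dll Infected: Packed.Win32.Monder.gen skipped
C:\Boot\BCD Object is locked skipped
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)$', re.I)
# Either a quoted path, or an unquoted path cut at its first executable extension.
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)', re.I)
TEMP_RE = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)
PROGDATA_RE = re.compile(r"^[a-z]:\\programdata\\[^\\]+\\[^\\]+\.exe$", re.I)
KAV_RE = re.compile(r"^(.+?) Infected: (\S+) \w+$")
FAULT_RE = re.compile(r"faulting module ([^,\s]+)", re.I)


def parse_run_entries(lines):
    """Turn HijackThis O4 Run lines into dicts naming the file that actually loads."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        via = RUNDLL_RE.match(cmd)          # rundll32 is only the host process
        rest = via.group(1) if via else cmd
        p = PATH_RE.match(rest)
        path = (p.group(1) or p.group(2)) if p else rest
        entries.append({"hive": hive, "name": name, "path": path,
                        "loader": "rundll32" if via else "direct"})
    return entries


def triage(hjt_lines, app_error, kav_lines):
    """Map each Run value name to the list of reasons it deserves a closer look."""
    crashed = {m.lower() for m in FAULT_RE.findall(app_error)}
    av_hits = {}
    for line in kav_lines:
        m = KAV_RE.match(line.strip())
        if m:
            # Correlate by file name only: the scanner saw the backup copy,
            # not the original path, so this is a heuristic match.
            av_hits[basename(m.group(1)).lower()] = m.group(2)

    report = {}
    for e in parse_run_entries(hjt_lines):
        fname = basename(e["path"]).lower()
        reasons = []
        if e["loader"] == "rundll32" and TEMP_RE.search(e["path"]):
            reasons.append("rundll32-loads-dll-from-temp")
        if PROGDATA_RE.match(e["path"]):
            reasons.append("exe-directly-under-programdata")
        if fname in crashed:
            reasons.append("faulting-module-in-app-error")
        if fname in av_hits:
            reasons.append("av:" + av_hits[fname])
        report[e["name"]] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in triage(HJT_LINES, APP_ERROR, KAV_LINES).items():
        print(f"{name:12} {', '.join(reasons) or 'no flags'}")
```

An entry with no flags is not thereby shown to be clean; the checks only cover the patterns visible in this thread.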

#3 ConfusedDude

Posted 01 May 2008 - 08:31 PM

OK, I followed everything that you told me to do. (Those scans took a long time.) I have noticed other popups as well that aren't just the System Integrity Scan one. Anyway, here are the results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 01, 2008 8:33:05 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 734552
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 135516
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 03:16:18

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\Users\Cole\AppData\Local\Temp\ssqOEUlj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\Deckard\System Scanner\backup\Users\Cole\AppData\Local\Temp\xicxllsu.dll Infected: Packed.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERB14C.tmp.appcompat.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wic.exe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_DX.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_KernelLog.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_StorageAsmt.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wmsetup.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\_Setup.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\L0000009.FCS Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\3572475\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\GameSpot\logs\GameSpot_Download_Service.log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-01_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\A46B73AF.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\FAA779AD.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46F34Z8T\kriv[1] Infected: Packed.Win32.Monder.gen skipped
C:\Users\Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3P5J89K\css4[1] Infected: Packed.Win32.Monder.gen skipped
C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll Infected: Packed.Win32.Monder.gen skipped
C:\Users\Cole\Shared\paramore thats wat u get.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

Scan process completed.


Malwarebytes' Anti-Malware 1.11
Database version: 707

Scan type: Quick Scan
Objects scanned: 32785
Time elapsed: 15 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 37
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Users\Cole\AppData\Local\Temp\wciobxqp.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{426d7ccb-07cb-4ba8-a470-18139fe0596b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72e93d8e-7a33-4cd6-b3d3-301b66e3f19b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bbbe2579-ab72-418b-aaf9-bc3ea4f35698} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eaac03bc (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Cole\AppData\Local\Temp\wciobxqp.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Cole\Local Settings\Temporary Internet Files\Content.IE5\46F34Z8T\kriv[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Cole\Local Settings\Temporary Internet Files\Content.IE5\F3P5J89K\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Cole\Local Settings\Temporary Internet Files\Content.IE5\SMDIGR29\kriv[1] (Trojan.Vundo) -> Delete on reboot.

#4 steamwiz

steamwiz


Posted 02 May 2008 - 02:13 PM

Hi

(Those scans took a long time)


The scan times were normal for the number of files being scanned ...

Please run CCleaner, then post a new HijackThis log ... Are you still getting pop-ups? Are your problems resolved?

Please download CCleaner from:

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URL's
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRU's
(leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#5 ConfusedDude

Posted 02 May 2008 - 04:12 PM

OK, I'm not getting any pop-ups so I'm hopeful that it worked. Thank you sooo much steam for helping me out! I really appreciate it.
Here's the Hijack Log after doing everything.
Thanks again!

Deckard's System Scanner v20071014.68
Run by Cole on 2008-05-02 17:07:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 895 MiB (1024 MiB recommended).


-- HijackThis (run as Cole.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:29 PM, on 5/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Cole\Desktop\dss.exe
c:\program files\google\googletoolbar1user.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Cole.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.171.166.231/activex/AxisCamControl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10601 bytes

-- Files created between 2008-04-02 and 2008-05-02 -----------------------------

2008-05-02 16:50:31 0 d-------- C:\Program Files\CCleaner
2008-05-01 20:42:28 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-01 20:42:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-01 16:48:34 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-30 21:40:37 0 d-------- C:\Program Files\Trend Micro
2008-04-30 20:04:16 0 d-------- C:\Program Files\Windows Live Safety Center


-- Find3M Report ---------------------------------------------------------------

2008-05-01 20:42:54 0 d-------- C:\Users\Cole\AppData\Roaming\Malwarebytes
2008-04-18 21:48:03 0 d-------- C:\Program Files\LimeWire
2008-04-18 18:35:29 0 d-------- C:\Users\Cole\AppData\Roaming\LimeWire
2008-04-10 03:13:35 0 d-------- C:\Program Files\Windows Mail
2008-04-08 21:22:17 5430 --a------ C:\Users\Cole\AppData\Roaming\wklnhst.dat
2008-04-06 19:00:08 0 d-------- C:\Users\Cole\AppData\Roaming\Macromedia
2008-04-02 23:59:49 174 --ahs---- C:\Program Files\desktop.ini
2008-04-02 23:35:20 0 d-------- C:\Program Files\Windows Calendar
2008-04-02 23:35:18 0 d-------- C:\Program Files\Windows Sidebar
2008-04-02 23:35:18 0 d-------- C:\Program Files\Movie Maker
2008-04-02 23:35:15 0 d-------- C:\Program Files\Windows Collaboration
2008-04-02 23:35:14 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-02 23:35:05 0 d-------- C:\Program Files\Windows Defender
2008-03-13 21:32:51 0 d-------- C:\Program Files\Picasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 09:42 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 11:16 AM]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [07/11/2006 09:12 PM]
"RtHDVCpl"="RtHDVCpl.exe" [11/09/2006 06:57 AM C:\Windows\RtHDVCpl.exe]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [11/08/2006 03:52 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 03:11 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/24/2006 05:08 PM]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [10/24/2006 03:19 AM]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [10/26/2006 07:18 PM]
"@"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 09:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 07:36 PM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [04/07/2008 08:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 03:33 AM]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [11/16/2006 06:59 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 08:45 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/20/2007 11:21 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 09:23 PM]
"cmds"="C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [7/10/2007 2:17:16 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe [1/19/2007 12:18:21 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a30d0915-c070-11db-9f01-806e6f6e6963}]
AutoRun\command- E:\autorun.exe
directx\command- E:\DirectX9\dxsetup.exe
setup\command- E:\setup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-02 17:08:02 ------------

#6 steamwiz

Posted 03 May 2008 - 02:41 PM

Hi

Just a few things to clean up ...

1. Run HijackThis & fix this entry :-

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c

It's an orphan malware run key ... you no longer have the file ...

-

2. You are running an out-of-date version of Java

Go to add/remove programs and uninstall any earlier versions ... in your case :-

J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2

Then you can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 6' and press the 'Download' button.


Running an out-of-date version of Java is an infection risk.

-
3. Your AV: Norton Internet Security v2007 (Symantec Corporation) is outdated ...

I suggest you uninstall it, it's bloated, resource intensive & expensive ... install & run AVG FREE anti-virus instead ..

http://free.grisoft.com/ww.download-avg-an...us-free-edition

-
Lastly ... in your first post you mentioned "Another popup is there as well, which i guess will tell you guys too since Im here. Its red and says "Security System Warning.. Alert details: File: C:/Windows/wml.exe Threat:Abebot"

I never noticed this file mentioned in any of the logs, so please see if you still have the file C:/Windows/wml.exe

I believe the alert itself was part of the malware, so you probably never had the file in the first place ...

steam
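The check from post #6 above (a Run entry that has rundll32.exe load a DLL from a Temp folder, with the DLL itself already gone), as an added example that is not part of the original thread. It parses HijackThis O4 lines copied from the log in post #5; the function name `audit_o4` and the `exists` callback are assumptions of this sketch.

```python
import re
from typing import Callable, List, NamedTuple, Optional

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Cole\AppData\Local\Temp\ljJYSijK.dll,c
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
"""

# "O4 - <hive>\..\Run: [value name] command line" (registry autoruns only).
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "rundll32.exe <dll>,<export>": the DLL is the file that really gets loaded.
RUNDLL = re.compile(
    r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# Directly executed image, quoted or unquoted, cut at the first known extension.
IMAGE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|bat|cmd|scr))\b', re.IGNORECASE)
# Any path component named Temp or Tmp.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


class Finding(NamedTuple):
    hive: str
    name: str
    target: str                      # file the autorun would load or execute
    via_rundll32: bool
    target_present: Optional[bool]   # None = existence was not checked


def audit_o4(log: str, exists: Optional[Callable[[str], bool]] = None) -> List[Finding]:
    """Return Run-key autoruns whose target file lives in a Temp directory.

    Pass exists=os.path.exists on the affected machine to learn whether the
    entry is an orphan (target_present is False) or still has its file.
    """
    findings = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and other sections are skipped
        cmd = m.group("cmd")
        dll = RUNDLL.match(cmd)
        if dll:
            target, via = dll.group("dll").strip(), True
        else:
            img = IMAGE.match(cmd)
            if not img:
                continue
            target, via = img.group("path"), False
        if not TEMP_DIR.search(target):
            continue
        present = exists(target) if exists else None
        findings.append(Finding(m.group("hive"), m.group("name"), target, via, present))
    return findings


if __name__ == "__main__":
    for f in audit_o4(SAMPLE_LOG):
        print(f)
```
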

#7 ConfusedDude

Posted 03 May 2008 - 03:47 PM

Alright, I finished everything you said to do. There was no C:/Windows/wml.exe... well, at least I don't think there is.
Thank you very much for helping me out. I really appreciate it.

#8 steamwiz

Posted 04 May 2008 - 01:35 PM

Hi

You're very welcome ...

Happy surfing :thumbsup:

steam

#9 steamwiz

Posted 21 May 2008 - 02:50 PM

As this thread is resolved, :thumbsup: it is now locked.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam