Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Trojan-spy.html.fraud.gen And Adtool.win32.mywebsearch.bn


  • This topic is locked This topic is locked
6 replies to this topic

#1 ilove2Bhome

ilove2Bhome

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 23 May 2008 - 12:20 AM

Hello,

I am new at this forum stuff, but found you through a Google search when I received a message from my AV program saying I was infected with Trojan-Spy.HTML.Fraud.gen and AdTool.Win32.MyWebSearch.bn. I located the infected files and deleted them and re-ran the AV scan. The scan didn't find any Malware the second time, but I don't totally trust that report. I need to make sure it's gone because I've had an incident of fraudulent activity in one of my credit card accounts. I don't know if it was due to this virus or not.

I am running Windows Vista Home Premium with an F-Secure Internet Security Suite. The AV program could not disinfect or remove it. I followed all the steps given here on this website to remove the virus and I think it is gone, but would like someone to check into this further for me. I am posting my scan results here.
***PLEASE NOTE: When I ran the Kaspersky Scan, I didn't know I was supposed to turn off my F-Secure Anti-Virus, so I'm not sure if the scan was run accurately. Do you think it will have an effect on the scan results? I would have run it again, but it took over an hour and I wanted to submit this report to you. Also, I don't know what happened to the extra .txt file from the Deckard's scan. Maybe I should start all over? Please advise.

Thank you for your wonderful website and this great forum! You all are a blessing! :thumbsup:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 23, 2008 12:27:09 AM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/05/2008
Kaspersky Anti-Virus database records: 710647
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 99041
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:14:36

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Users\Mom\AppData\Local\Temp\mwsqm00.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\ASPNETSetup_00000.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI1360.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI14E6.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI26D3.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI2B3C.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI4CD7.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI6086.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI6F2.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI9923.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\iufsav.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071118-131753-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071118-131759-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-120620-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-120640-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-123258-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-123307-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-150335-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071127-150348-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071203-100442-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071203-100449-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-110637-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-110645-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-174429-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071207-174438-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071208-143645-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071208-143653-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071210-121952-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071210-121959-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071212-124330-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071212-124340-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071215-094151-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071215-094201-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071216-124933-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071216-124942-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071216-194154-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071216-194203-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071217-101658-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071217-101706-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-205059-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-205110-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-151754-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-151802-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071230-141120-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071230-141128-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071231-085142-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071231-085149-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-104146-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-104155-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-111646-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-111653-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-134244-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-134252-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-140452-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-140500-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-142325-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-142333-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-144140-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-144148-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-150925-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-150933-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-153633-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-153640-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-175431-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080106-175446-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080107-094327-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080107-094334-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080108-095059-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080108-095107-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080108-222001-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080108-222009-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080110-120841-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080110-120851-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080111-102845-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080111-102854-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080112-151148-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080112-151156-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080113-130349-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080113-130358-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080114-230811-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080114-230819-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-113652-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080115-113700-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080116-111158-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080116-111209-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-115852-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-115903-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-151507-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-151518-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-171450-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-171458-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-234326-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080117-234334-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080118-091530-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080118-091538-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080118-154321-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080118-154330-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-115454-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-115502-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-131850-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080119-131858-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080120-083437-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080120-083446-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-094321-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080121-094329-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080122-131728-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080122-131738-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-010701-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-010709-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-103234-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-103242-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-141307-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-141317-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-152945-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080123-152953-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080124-201215-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080124-201232-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080125-203935-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080125-203943-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080126-135229-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080126-135238-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080126-143303-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080126-143312-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-160134-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080127-160144-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-104354-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080128-104403-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080204-214614-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080204-214623-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080205-092849-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080205-092859-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080205-171714-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080205-171723-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080206-155727-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080206-155735-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080209-181132-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080209-181141-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-222248-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-222256-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-231323-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080211-231720-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-215336-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080212-215345-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-165430-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080213-165441-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-013814-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-013823-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-221310-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080215-221319-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-094251-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080216-094304-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080222-162709-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080222-162719-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080223-181347-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080223-181359-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-173143-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-173153-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-201841-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080225-201926-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-092736-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080226-092746-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080227-133634-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080227-133643-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080301-005615-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080301-005625-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080301-221050-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080301-221100-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080301-234008-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080301-234019-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080304-090413-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080304-090424-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080305-153043-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080305-153052-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080305-180254-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080305-180304-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080305-190137-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080305-190148-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080306-092217-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080306-092229-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080306-221336-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080306-221348-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080307-153759-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080307-153809-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080308-225359-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080308-225408-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-133245-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-133255-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-161945-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-161954-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-213653-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-213704-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080313-032703-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080313-032715-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080313-125106-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080313-125114-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080313-181012-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080313-181023-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080314-113113-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080314-113128-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080314-141431-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080314-141444-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080315-101947-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080315-101956-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-145747-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-145758-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-153721-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-153733-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080319-102423-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080319-102435-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080319-140851-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080319-140901-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080320-091017-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080320-091028-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080324-180509-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080324-180520-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-175025-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-175036-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080327-160511-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080327-160523-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080328-092028-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080328-092038-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080329-084002-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080329-084013-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-085116-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-085127-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-092020-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-092031-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpCmdRun.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpSigStub.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SilverlightMSI0258.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SilverlightUI0258.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\VistaSP1_InstallPerf_142855.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER1A28.tmp.version.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER1A38.tmp.appcompat.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER2A5D.tmp.hdmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER3533.tmp.version.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER37E2.tmp.appcompat.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER4072.tmp.version.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER4257.tmp.appcompat.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER47ED.tmp.hdmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER8B0F.tmp.version.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WER8C0A.tmp.appcompat.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERAF82.tmp.hdmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERB50E.tmp.hdmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERC2A2.tmp.version.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERC33F.tmp.appcompat.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERDE29.tmp.hdmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERDFE4.tmp.hdmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERF0B5.tmp.version.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WERF22D.tmp.appcompat.txt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_DX.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_KernelLog.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_StorageAsmt.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wmsetup.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.bpf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.ipf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsbwupst.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\Stlst\StatListDb.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\Stlst\StatListDb.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\urlcache\domainNames.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\urlcache\domainNames.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\urlcache\urlCacheDb.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\urlcache\urlCacheDb.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\logs\fspcwld.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\logs\fspcwli.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Spam Control\log\fs_sa_log.txt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.ilg Object is locked skipped
C:\Program Files\Mozilla Firefox\uninstall\uninstall.update Object is locked skipped
C:\ProgramData\F-Secure\logs\FSMA\fsma.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3a71627ac7c7811a94ea47a9bfc804c7_f426eeee-fb35-45a7-a914-9e834ec9503c Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c754917acf6332a4a11fd5424e1e030b_f426eeee-fb35-45a7-a914-9e834ec9503c Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Guest.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Kids.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Mom.dat Object is locked skipped
C:\Users\Mom\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Mom\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Mom\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Mom\AppData\Local\Microsoft\Windows\UsrClass.dat{f8b3da10-a741-11dc-9cee-0016d38490c5}.TM.blf Object is locked skipped
C:\Users\Mom\AppData\Local\Microsoft\Windows\UsrClass.dat{f8b3da10-a741-11dc-9cee-0016d38490c5}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Mom\AppData\Local\Microsoft\Windows\UsrClass.dat{f8b3da10-a741-11dc-9cee-0016d38490c5}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Mom\AppData\Local\MigWiz\diagerr.xml Object is locked skipped
C:\Users\Mom\AppData\Local\MigWiz\diagwrn.xml Object is locked skipped
C:\Users\Mom\AppData\Local\MigWiz\setupact.log Object is locked skipped
C:\Users\Mom\AppData\Local\MigWiz\setuperr.log Object is locked skipped
C:\Users\Mom\ntuser.dat Object is locked skipped
C:\Users\Mom\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Mom\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Mom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Mom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Mom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008052220080523\index.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\UsrClass.dat{b977a73f-88b0-11dc-ada1-0016d38490c5}.TM.blf Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\UsrClass.dat{b977a73f-88b0-11dc-ada1-0016d38490c5}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows\UsrClass.dat{b977a73f-88b0-11dc-ada1-0016d38490c5}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Sandy\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Sandy\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped
C:\Users\Sandy\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped
C:\Users\Sandy\AppData\Local\Temp\Low\~DF23A8.tmp Object is locked skipped
C:\Users\Sandy\AppData\Local\Temp\Low\~DF23D4.tmp Object is locked skipped
C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Sandy\ntuser.dat Object is locked skipped
C:\Users\Sandy\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Sandy\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Sandy\ntuser.dat{e6bdda96-08b4-11dd-b245-0016d38490c5}.TM.blf Object is locked skipped
C:\Users\Sandy\ntuser.dat{e6bdda96-08b4-11dd-b245-0016d38490c5}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Sandy\ntuser.dat{e6bdda96-08b4-11dd-b245-0016d38490c5}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Tasks\Scheduled scanning task.job Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped

Scan process completed.

*******************

Here's the Deckard Report:

Deckard's System Scanner v20071014.68
Run by Mom on 2008-05-22 21:38:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-22 21:41:09
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynMedion.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sandy\Downloads\Claim Your Power Now Calls\Desktop\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://aolsvc.aol.com/onlinegames/chuzzled...ploader_v10.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...298/mcfscan.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{44F50EC9-45BF-4698-90F3-4D1F309DC15B}: NameServer = 24.247.15.53,24.247.24.53
O18 - Protocol: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll
O18 - Protocol: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe


--
End of file - 9838 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Hotkey - c:\windows\system32\drivers\hotkey.sys

S3 flash - \??\c:\windows\system32\drivers\flash.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
R3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-22 20:00:18 526 --a------ C:\Windows\Tasks\Scheduled scanning task.job


-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-22 21:38:35 0 d-------- \Deckard
2008-05-21 23:51:58 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-21 15:34:53 0 d--hs---- \Config.Msi
2008-05-19 16:02:34 0 d-------- C:\Windows\McAfee.com
2008-05-14 07:32:32 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-13 10:39:19 2011873280 --ahs---- \hiberfil.sys
2008-05-08 14:10:12 0 d-------- C:\Users\All Users\Yahoo!
2008-05-08 14:09:08 0 d-------- C:\Program Files\Yahoo!
2008-05-02 14:42:48 0 d-------- C:\Program Files\Apple Software Update
2008-04-30 14:34:02 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-28 20:33:27 0 d-------- C:\Program Files\Picasa2


-- Find3M Report ---------------------------------------------------------------

2008-05-22 18:23:34 2147483647 --ahs---- \pagefile.sys
2008-05-22 16:59:52 0 d-------- C:\Program Files\Google
2008-05-21 22:53:32 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-15 02:36:35 0 d-------- C:\Program Files\Windows Mail
2008-05-14 18:08:48 0 d-------- C:\Program Files\Charter High-Speed Security Suite
2008-05-13 20:45:00 0 d-------- C:\Users\Mom\AppData\Roaming\F-Secure
2008-05-13 20:42:43 12931 --a------ C:\Users\Mom\AppData\Roaming\nvModes.001
2008-05-12 16:25:55 0 d-------- C:\Users\Mom\AppData\Roaming\Talkback
2008-05-08 14:09:55 0 d-------- C:\Users\Mom\AppData\Roaming\Yahoo!
2008-04-30 14:34:25 0 d-------- C:\Users\Mom\AppData\Roaming\Mozilla
2008-04-30 14:34:24 0 d-------- C:\Users\Mom\AppData\Roaming\Thunderbird
2008-04-12 15:52:24 0 d-------- C:\Program Files\iTunes
2008-04-12 15:52:05 0 d-------- C:\Program Files\iPod
2008-04-12 15:50:50 0 d-------- C:\Program Files\QuickTime
2008-03-30 11:45:11 174 --ahs---- C:\Program Files\desktop.ini
2008-03-30 11:35:59 0 d-------- C:\Program Files\Windows Sidebar
2008-03-30 11:35:59 0 d-------- C:\Program Files\Windows Calendar
2008-03-30 11:35:59 0 d-------- C:\Program Files\Movie Maker
2008-03-30 11:35:57 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-30 11:35:57 0 d-------- C:\Program Files\Windows Journal
2008-03-30 11:35:57 0 d-------- C:\Program Files\Windows Collaboration
2008-03-30 11:35:54 0 d-------- C:\Program Files\Windows Defender
2008-02-23 13:29:17 12931 --a------ C:\Users\Mom\AppData\Roaming\nvModes.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [02/15/2007 11:07 AM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/15/2007 03:50 PM]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [07/25/2005 04:36 PM]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [04/16/2007 06:24 PM]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [12/26/2006 02:23 PM]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [11/09/2006 05:37 PM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [11/22/2006 01:31 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 06:40 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 04:40 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 04:40 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 04:40 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe" [04/23/2008 12:13 PM]
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [04/23/2008 12:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 03:33 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 09:23 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SSDPSRV"=C:\Windows\system32\ssdpsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-22 21:43:41 ------------

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:59 AM

Posted 30 May 2008 - 11:13 PM

Hello ilove2Bhome,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.



Do you think it will have an effect on the scan results? I would have run it again, but it took over an hour and I wanted to submit this report to you.

Yes, it may have effected the results. Let run it again.

Please perform this online scan: Kaspersky Webscan

Make sure you disable your F-secure antivirus before running the Kaspersky Webscan.

Note that you need to run this scan with Internet Explorer for it to work correctly.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allows Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE,
Scan Options:
Scan Archives
Scan Mail Bases


then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. Once the scan is complete it will display if your system has been infected.
Now click on the Save Report As... button:

Posted Image

Under Save as type select Text file write name for the file and save it to your Desktop.
Locate the file at the Desktop, open it, then copy and paste that information in your next post.
9. Post the Kaspersky scan results in your next reply.

Edited by SifuMike, 30 May 2008 - 11:16 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 ilove2Bhome

ilove2Bhome
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 31 May 2008 - 02:18 AM

Hello SifuMike,

Thank you for your reply. I ran the MBAM scan as you said to do (report follows). However, when I ran the Kaspersky Scan again as you suggested it would not complete the update. This is the error message I received:

Please wait to update the virus definitions...
Downloading from url: http://downloads2.kaspersky-labs.com
Downloading remote file: master.xml
Update process FAILED. No further antivirus actions can be performed!

Attention, you must be online to activate Kaspersky Online Scanner, since
the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise
we cannot guarantee detection of latest viruses. [21]


So then, I uninstalled and re-installed the Kaspersky program, and tried running it again but it still wouldn't complete the update and it gave me the same error message. (I temporarily disabled my virus and firewall protection before running the scan as you said, and I am using IE 7.)

Also, I must tell you that from the time I first posted my message, while waiting for a reply, I uninstalled my F-Secure and installed AVG so I could scan my whole system again to make sure it was clean. So far all the scans I've run have come back with no infections (until the one I just ran with the MBAM). I'm still using AVG but wondered if I should go ahead and reinstall F-Secure once we're certain that my computer is free of any malware or viruses. Just wondering what you think.
By the way, I seem to be getting a lot of SPAM email even though I use a SPAM filter. I am using my ISP's web-based email, not Outlook Express. Just wondered if there's another solution to that?

OK, here's the MBAM report (finally)...

Malwarebytes' Anti-Malware 1.14
Database version: 807

2:09:44 AM 5/31/2008
mbam-log-5-31-2008 (02-09-44).txt

Scan type: Quick Scan
Objects scanned: 39104
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

PS. Why did you say to run the Quick Scan opposed to the Full Scan? Just wondered.

Again, thank you for your help.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:59 AM

Posted 31 May 2008 - 01:01 PM

Hi ilove2Bhome,


PS. Why did you say to run the Quick Scan opposed to the Full Scan? Just wondered.


Full scan scans selected drives (or all drives) while quick scan scans the main drain.

However, when I ran the Kaspersky Scan again as you suggested it would not complete the update. This is the error message I received:

Please wait to update the virus definitions...
Downloading from url: http://downloads2.kaspersky-labs.com
Downloading remote file: master.xml
Update process FAILED. No further antivirus actions can be performed!


Sounds like a problem with the download process due to the web site being busy. Your ran this scanner successfully before, so it has to be the site.


I'm still using AVG but wondered if I should go ahead and reinstall F-Secure once we're certain that my computer is free of any malware or viruses. Just wondering what you think.

Since you have run two virus scanners, you should be virus free. Uninstall AVG and reinstall F-secure.


By the way, I seem to be getting a lot of SPAM email even though I use a SPAM filter. I am using my ISP's web-based email, not Outlook Express. Just wondered if there's another solution to that?


Sorry, cant help you with you Spam email filter. Sounds like the Spam Filter is not effective. That is not a malware problem but a software problem. Try another forum for that.

How is the computer running?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 ilove2Bhome

ilove2Bhome
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 31 May 2008 - 01:40 PM

Hi SifuMike

How is the computer running?


It seems to be running fine now. I feel that this topic is now closed. Thanks for your help.

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:59 AM

Posted 31 May 2008 - 02:12 PM

Your very welcome. :thumbsup:

Please read and follow
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware' by miekiemoes
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:59 AM

Posted 06 June 2008 - 06:53 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users