Random Mouse Movements and Keystrokes


This topic is locked
19 replies to this topic

#1 zona70

zona70

  • Members
  • 16 posts

Posted 08 July 2009 - 07:40 PM

Background

Windows Vista Ultimate 32 bit. Older Core2 Duo, 4GB PC6400, 9800GT, F1tality, Belkin KVM (used for years without issue), old school microsoft natural kbd, microsoft sidewinder high rez mouse, blah blah blah....

Norton 360 V2.5.0.5 with today's definitions - real-time scanning and nightly full system scans

Spybot S&D with current defs scans clean

Stable system running generally well for better than a year. Routinely maintained, defragged, etc., but not muddled with much...

Recent Changes
Microsoft Patch bundle and after a couple of days of nagging IE 8 for Vista (given that IE 7 had been unstable for me).



Symptom

This morning I noted some odd mouse behavior while gaming - stuff moving when it shouldn't, stuff moving when no input was given, or moving in response to mouse clicks when no movement was intended and no movement would normally result from that click. Additionally - in text areas extra keystrokes started to appear and in some cases text from the clipboard was pasted without the command to paste. I reloaded the game - it persisted. I rebooted the machine - it persisted. I launched a browser and found that I had erratic scrolling occurring. I replaced the mouse - the problems persisted. I removed the KVM switch - the problems persisted. I ran a full AV scan and then a full Spybot S&D scan - both came back clean (with the exception of a couple of tracking cookies that were automatically removed). I ran HijackThis and got the following (plus a couple of auto-launch lines for Roxio that I subsequently removed). I suspect a keylogger but am not able to identify it.

Edited by zona70, 09 July 2009 - 12:13 AM.



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male

Posted 17 July 2009 - 05:50 PM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 zona70

zona70
  • Topic Starter

  • Members
  • 16 posts

Posted 18 July 2009 - 12:50 AM

Uploads as requested

< Logs placed In-line ~ Maurice>
DDS Log
DDS (Ver_09-06-26.01) - NTFSx86
Run by millernh at 22:45:59.17 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3327.1913 [GMT -7:00]

AV: AVG 7.5.516 *On-access scanning disabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\millernh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O60GNBAE\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [GhostStartTrayApp] c:\program files\symantec\norton ghost 2003\GhostStartTrayApp.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Norton Ghost 12.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\millernh\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://carefx.webex.com/client/T25L/webex/ieatgpc1.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-8-9 131616]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090709.001\IDSvix86.sys [2009-7-10 272432]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-4 1153368]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-1-14 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 gupdate1c95ee2764be6f1;Google Update Service (gupdate1c95ee2764be6f1);c:\program files\google\update\GoogleUpdate.exe [2008-12-15 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-11 38160]
S3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]

=============== Created Last 30 ================

2009-07-16 19:25 <DIR> --d----- c:\users\millernh\.housecall6.6
2009-07-15 10:37 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 10:37 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 10:37 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 10:37 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-11 09:10 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-11 09:05 <DIR> --ds---- C:\ComboFix
2009-07-11 06:25 161,792 a------- c:\windows\SWREG.exe
2009-07-11 06:25 155,136 a------- c:\windows\PEV.exe
2009-07-11 06:25 98,816 a------- c:\windows\sed.exe
2009-07-11 06:05 <DIR> --d----- c:\users\millernh\appdata\roaming\Malwarebytes
2009-07-11 06:05 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 06:05 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-11 06:05 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-11 06:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 06:05 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-08 23:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-08 23:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-08 22:46 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-08 22:46 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-08 22:46 <DIR> --d----- c:\programdata\Lavasoft
2009-07-08 22:46 <DIR> --d----- c:\program files\Lavasoft
2009-07-08 07:27 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-06 09:33 156,160 a------- c:\windows\system32\msls31.dll
2009-07-06 09:33 72,704 a------- c:\windows\system32\admparse.dll
2009-07-06 09:33 66,560 a------- c:\windows\system32\tdc.ocx
2009-07-06 09:33 48,128 a------- c:\windows\system32\mshtmler.dll
2009-07-06 09:33 18,944 a------- c:\windows\system32\corpol.dll
2009-07-01 23:12 <DIR> --d----- c:\program files\Rawr v2.2.8
2009-07-01 08:18 428,544 a------- c:\windows\system32\EncDec.dll
2009-07-01 08:18 217,088 a------- c:\windows\system32\psisrndr.ax
2009-07-01 08:18 293,376 a------- c:\windows\system32\psisdecd.dll
2009-07-01 08:18 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-07-01 08:18 80,896 a------- c:\windows\system32\MSNP.ax

==================== Find3M ====================

2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 05:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 04:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-15 06:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-15 06:52 51,200 a------- c:\windows\inf\infpub.dat
2009-04-15 06:52 86,016 a------- c:\windows\inf\infstor.dat
2008-07-09 09:43 12,408,864 a------- c:\users\millernh\WoW-2.4.2.8278-to-0.4.3.8478-enUS-patch.exe
2008-06-11 03:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-06 21:12 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:46:33.39 ===============

Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2007 9:59:56 AM
System Uptime: 7/17/2009 10:35:40 PM (0 hours ago)

Motherboard: http://www.abit.com.tw/ | | FP-IN9 SLI(C55-MCP51)
Processor: Intel® Core™2 CPU 6420 @ 2.13GHz | Socket 775 | 2133/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 284 GiB total, 186.299 GiB free.
E: is FIXED (NTFS) - 275 GiB total, 166.036 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP878: 7/11/2009 8:52:14 PM - Scheduled Checkpoint
RP879: 7/13/2009 8:29:40 AM - Scheduled Checkpoint
RP880: 7/15/2009 11:10:29 AM - Scheduled Checkpoint
RP881: 7/15/2009 1:21:23 PM - Windows Update
RP882: 7/16/2009 7:22:52 PM - Installed Java™ 6 Update 14

==== Installed Programs ======================

Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Stock Photos 1.0
AppCore
Apple Software Update
Backup
BlackBerry Desktop Software 4.2.2
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ccCommon
Chessmaster Grandmaster Edition
Compatibility Pack for the 2007 Office system
EVGA Precision 1.3.0
FastStone Image Viewer 3.4
FreeAgent Pro Tools
GearDrvs
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java™ 6 Update 14
Java™ 6 Update 2
Java™ 6 Update 3
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
neroxml
NetObjects Fusion 10.0
NetObjects Toolbox - Bonus Applications
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Norton Ghost
Norton PartitionMagic
Norton PartitionMagic 8.0
Norton Security Scan
NVIDIA Drivers
NVIDIA PhysX
QuickTime
Readiris Pro 10
Roxio Media Manager
Samsung SCX-4725 Series
Security Update for CAPICOM (KB931906)
SmarThru 4
SmarThru PC Fax
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VSO Image Resizer 1.3.4d
VSO Image Resizer 2.0.1.11
WebEx
WinPcap 4.0.2
WinSCP 4.0.4
Wireshark 1.0.1

==== Event Viewer Messages From Past Week ========

7/11/2009 9:02:13 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2009 7:12:48 AM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/11/2009 6:27:01 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/11/2009 6:27:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
7/11/2009 11:32:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service GhostStartService with arguments "-Service" in order to run the server: {5F9AAED0-D1D9-4DBE-A1DA-FF381BC2A74B}
7/11/2009 10:38:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Norton Ghost with arguments "" in order to run the server: {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
7/10/2009 8:25:56 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/10/2009 8:19:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/10/2009 8:19:43 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
7/10/2009 8:12:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/10/2009 8:11:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/10/2009 8:11:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/10/2009 8:11:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/10/2009 8:11:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2009 8:11:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/10/2009 8:10:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSPX SymIM SYMTDI tdx Wanarpv6
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 8:10:54 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2009 11:41:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
7/10/2009 11:17:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom eeCtrl SPBBCDrv spldr SRTSPX SYMTDI Wanarpv6
=== End Of File ===========================

Edited by Maurice Naggar, 19 July 2009 - 09:50 AM.
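A small triage script for the DDS layout posted above, added here as an example (it is not a tool from the thread or from BleepingComputer): it splits the log on the `=== Title ===` headers, parses the "Created Last 30" rows, and flags files created in the days up to the reported onset together with process or autorun lines that run from user-writable paths or use a system binary name outside the Windows directory. The embedded sample log, its paths, dates and sizes are constructed for the example, not copied from the poster's machine.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the DDS layout seen in the thread. The paths, dates and
# sizes are made up for this example, not copied from the poster's machine.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Users\example\AppData\Local\Temp\updater.exe

============== Pseudo HJT Report ===============

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Example] c:\users\example\appdata\roaming\example\svchost.exe

=============== Created Last 30 ================

2009-07-11 06:05 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 23:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-08 22:46 <DIR> --d----- c:\programdata\Lavasoft
2009-07-06 09:33 156,160 a------- c:\windows\system32\msls31.dll
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
BINARY = re.compile(r"[^\\\s]+\.(?:exe|dll|scr|sys)\b")

# Locations any user-level process can write to: a binary running or autostarting
# from here deserves a closer look than one under \windows\ or \program files\.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\temporary internet files\\",
                 "\\users\\", "\\documents and settings\\", "\\programdata\\")
# Names that legitimately live only under the Windows directory.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def split_sections(text):
    """Map each '=== Title ===' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_created(lines):
    """Parse 'Created Last 30' rows into (timestamp, size or None, attrs, path)."""
    rows = []
    for line in lines:
        m = CREATED.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(",", ""))
        rows.append((when, size, m.group(3), m.group(4)))
    return rows


def suspicious_path(line):
    """Return the reasons a process or autorun line deserves review ([] if none)."""
    low = line.lower()
    reasons = []
    if any(d in low for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    m = BINARY.search(low)
    if m and m.group(0) in SYSTEM_NAMES and "\\windows\\" not in low:
        reasons.append("system binary name outside the Windows directory")
    return reasons


def triage(text, onset_iso, window_days=3):
    """Flag files created in the window_days up to and including onset, plus odd paths."""
    sections = split_sections(text)
    onset = datetime.strptime(onset_iso, "%Y-%m-%d")
    start, end = onset - timedelta(days=window_days), onset + timedelta(days=1)
    recent = [row for row in parse_created(sections.get("Created Last 30", []))
              if start <= row[0] < end]
    flagged = []
    for title in ("Running Processes", "Pseudo HJT Report"):
        for line in sections.get(title, []):
            reasons = suspicious_path(line)
            if reasons:
                flagged.append((title, line, reasons))
    return {"recent_files": recent, "flagged": flagged}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, "2009-07-08")  # onset date reported in post #1
    for when, size, attrs, path in report["recent_files"]:
        print(f"created {when:%Y-%m-%d %H:%M}  {path}")
    for title, line, reasons in report["flagged"]:
        print(f"[{title}] {line}\n    -> {'; '.join(reasons)}")
```

The output is a review queue, not a verdict: DDS itself runs from Temporary Internet Files (the dds[1].scr entry in the real log) and would be flagged by the user-writable rule, as would the Lavasoft and Malwarebytes files the poster installed on purpose.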


#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 19 July 2009 - 09:58 AM

Hello zona70.

I will be helping you to look for malware and, if any is found, to remove it. Kindly follow my guidance and in the meantime do not make any changes/additions, nor run anything without checking with me.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not zona70 and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

Given that this is a Vista system, on most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

The version of AVG antivirus that this PC has is obsolete and out of date!! We may or may not wind up having you wipe and reload the system, depending on further diagnostic scans. The most current version of AVG AV is version 8.5.
Get it installed right away. http://free.avg.com/

It does appear you have run Combofix on your own. Do not do that again, please. It is too powerful a tool to use without guidance.

In your next reply, assuming you did run it, I want a copy of C:\Combofix.txt
In case I guessed wrong, then, please do NOT run it on your own!

=

Spybot's Tea Timer must be kept OFF while we attempt to hunt & remove malwares.
Right click the Spybot Icon in the system tray (notification area).
  • If you have the new version, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.
=
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes.

=

Start MalwareBytes' Anti-Malware (MBAM) by RIGHT-CLICKING on the link to MBAM and selecting Run as Administrator.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.
At this moment, the current definitions are # 2462 or later. The latest program version is 1.39 (released July 13)

When done, click the Scanner tab.
Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy of C:\Combofix.txt (if and only IF you ran it before)
and a copy of the latest MBAM scan log
There will be more to do later.

Edited by Maurice Naggar, 19 July 2009 - 10:12 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
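
The helper asks for C:\Combofix.txt. A ComboFix log has a fixed layout (an AV:/SP: protection header with the product state between asterisks, then bracketed registry keys with quoted value names under "Reg Loading Points"), and the two things a responder reads first are the Run-key autostarts and any setting that weakens protection. The script below is an added example written for this page; it is not code from the thread, from ComboFix or from any of the tools named here. It parses a constructed excerpt copied from the log posted later in this thread and flags the Windows Firewall profiles with EnableFirewall=0, the Security Center DisableMonitoring values, and products the header reports as disabled. The regular expressions assume the ComboFix layout shown here and are heuristic; the "[X]" marker is read as ComboFix's note that it did not find the file on disk.

```python
"""Triage a ComboFix log: list the Run-key autostarts and flag the protection settings a
responder would question (host firewall off per profile, Security Center monitoring
silenced, AV or antispyware not protecting in real time)."""
import re

# Constructed excerpt: lines copied from the ComboFix log posted in this thread, trimmed
# to the protection header and the 'Reg Loading Points' entries that matter for triage.
SAMPLE_LOG = r"""
AV: AVG 7.5.516 *On-access scanning disabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "Name"=data
# Protection header: 'AV: <product> *<state>* (Updated) {GUID}'; SP: lines are antispyware.
HEADER_RE = re.compile(r"^(?P<kind>AV|SP|FW):\s*(?P<product>.+?)\s+\*(?P<state>[^*]+)\*")
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$", re.IGNORECASE)
SC_PREFIX = "security center\\"


def parse_registry_blocks(text):
    """Return {key_path: {value_name: raw_data}} for every [KEY] block in the log."""
    blocks, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group("name")] = m.group("data").strip()
    return blocks


def parse_protection_header(text):
    """Return [(kind, product, state)] from the AV:/SP: lines at the top of the log."""
    return [(m.group("kind"), m.group("product"), m.group("state").strip())
            for m in map(HEADER_RE.match, text.splitlines()) if m]


def autostarts(blocks):
    """Return [(key, name, target, missing)] for Run/RunOnce entries. ComboFix appends
    [X] when it could not find the target on disk; that is what 'missing' reports."""
    out = []
    for key, values in blocks.items():
        if not RUN_KEY_RE.search(key):
            continue
        for name, data in values.items():
            m = re.match(r'^"([^"]*)"(.*)$', data)
            target, rest = (m.group(1), m.group(2)) if m else (data, "")
            out.append((key, name, target, "[X]" in rest))
    return out


def _dword(data):
    """Parse ComboFix value data such as 'dword:00000001' or '0 (0x0)' to an int, else None."""
    m = re.match(r"^(?:dword:)?([0-9A-Fa-f]+)", data)
    if not m:
        return None
    return int(m.group(1), 16) if data.lower().startswith("dword:") else int(m.group(1))


def findings(text):
    """Flag what a responder would question. These are questions, not verdicts: a
    third-party suite such as Norton 360 commonly turns off the Windows Firewall profiles
    and registers its own Security Center reporting, so confirm against what is installed."""
    issues = []
    for key, values in parse_registry_blocks(text).items():
        low = key.lower()
        if "firewallpolicy" in low and _dword(values.get("EnableFirewall", "x")) == 0:
            profile = key.rsplit("\\", 1)[-1]
            issues.append(f"firewall disabled: {profile}")
        idx = low.find(SC_PREFIX)
        if idx >= 0 and _dword(values.get("DisableMonitoring", "x")):
            subkey = key[idx + len(SC_PREFIX):]
            issues.append(f"security center monitoring disabled: {subkey}")
    for kind, product, state in parse_protection_header(text):
        if "disabled" in state.lower():
            issues.append(f"{kind} {product}: {state}")
    return issues


if __name__ == "__main__":
    for key, name, target, missing in autostarts(parse_registry_blocks(SAMPLE_LOG)):
        print(f"autostart {name!r} -> {target}" + ("  [target not found]" if missing else ""))
    for issue in findings(SAMPLE_LOG):
        print("check:", issue)
```

Run it against a full C:\Combofix.txt by reading the file into `findings()` and `autostarts()` instead of `SAMPLE_LOG`. On the excerpt it reports all three firewall profiles off, both DisableMonitoring keys, and AVG, Ad-Watch and Windows Defender as disabled, while Spybot (enabled) is not flagged; the orphaned RunOnce entry surfaces with its target marked missing. Whether a given finding is the third-party suite doing its job or something to chase is exactly the judgement the helper is there to make.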

#5 zona70

zona70
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 19 July 2009 - 01:59 PM

The ability to "right-click" is impacted by the malware - I was unable to kill TeaTimer or launch Malwarebytes as administrator when booted in the normal manner - so I updated Malwarebytes and rebooted to safe mode (where right-click works) and ran Malwarebytes as administrator. Here is the Malwarebytes log as well as the log from the last Combofix run.

<Edited to place logs In-Line
ComboFix 09-07-09.08 - millernh 07/11/2009 9:05.3.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3327.2898 [GMT -7:00]
Running from: c:\users\millernh\Desktop\ComboFix.exe
AV: AVG 7.5.516 *On-access scanning disabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 16:09 . 2009-07-11 16:09 -------- d-----w- c:\users\Thomas\AppData\Local\temp
2009-07-11 16:09 . 2009-07-11 16:09 -------- d-----w- c:\users\Shannon\AppData\Local\temp
2009-07-11 16:09 . 2009-07-11 16:09 -------- d-----w- c:\users\Jacob\AppData\Local\temp
2009-07-11 16:09 . 2009-07-11 16:09 -------- d-----w- c:\users\Grace\AppData\Local\temp
2009-07-11 15:56 . 2009-07-11 15:56 -------- d-----w- C:\World of Warcraft 2 - Copy
2009-07-11 13:57 . 2009-07-11 13:57 -------- d-----w- c:\program files\QuickTime
2009-07-11 13:34 . 2009-07-11 16:09 -------- d-----w- c:\users\millernh\AppData\Local\temp
2009-07-11 13:11 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\EECTRL.SYS
2009-07-11 13:11 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\CCERASER.DLL
2009-07-11 13:11 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\ERASER.SYS
2009-07-11 13:11 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVENG.SYS
2009-07-11 13:11 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVEX15.SYS
2009-07-11 13:11 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVENG32.DLL
2009-07-11 13:11 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVEX32A.DLL
2009-07-11 13:11 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\ECMSVR32.DLL
2009-07-11 13:05 . 2009-07-11 13:05 -------- d-----w- c:\users\millernh\AppData\Roaming\Malwarebytes
2009-07-11 13:05 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 13:05 . 2009-07-11 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 13:05 . 2009-07-11 13:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-11 13:05 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 03:09 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\EECTRL.SYS
2009-07-11 03:09 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\CCERASER.DLL
2009-07-11 03:09 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\ERASER.SYS
2009-07-11 03:09 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVENG.SYS
2009-07-11 03:09 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVEX15.SYS
2009-07-11 03:09 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVENG32.DLL
2009-07-11 03:09 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVEX32A.DLL
2009-07-11 03:09 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\ECMSVR32.DLL
2009-07-10 20:11 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\Scxpx86.dll
2009-07-10 20:11 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDSvix86.sys
2009-07-10 20:11 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\SymIDSco.sys
2009-07-10 20:11 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDSxpx86.dll
2009-07-10 20:11 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\SymIDSI.dll
2009-07-10 20:11 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDSviA64.sys
2009-07-10 20:11 . 2009-01-03 05:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDS9xx86.dll
2009-07-10 09:35 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVEX32A.DLL
2009-07-10 09:35 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\EECTRL.SYS
2009-07-10 09:35 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\CCERASER.DLL
2009-07-10 09:35 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\ERASER.SYS
2009-07-10 09:35 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVENG.SYS
2009-07-10 09:35 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVEX15.SYS
2009-07-10 09:35 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVENG32.DLL
2009-07-10 09:35 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\ECMSVR32.DLL
2009-07-10 09:35 . 2009-07-10 02:10 1282 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7f34.tmp\cur.scr
2009-07-09 06:18 . 2009-07-09 06:08 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-09 06:08 . 2009-07-09 06:02 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-09 06:08 . 2009-07-09 06:08 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-09 06:08 . 2009-07-09 06:08 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 06:08 . 2009-07-09 06:08 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-09 06:08 . 2009-07-09 06:08 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-09 06:08 . 2009-07-09 06:08 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-09 06:08 . 2009-07-09 06:08 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-09 06:08 . 2009-07-09 06:08 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-09 06:04 . 2009-07-09 06:04 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 06:02 . 2009-07-09 06:02 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-09 06:02 . 2009-07-09 06:02 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-09 06:02 . 2009-07-09 06:02 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-07-09 06:02 . 2009-07-09 06:02 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-09 06:02 . 2009-07-09 06:02 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-09 06:02 . 2009-07-09 06:02 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-09 06:01 . 2009-07-09 06:01 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-09 06:01 . 2009-07-09 06:01 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-09 06:00 . 2009-07-09 06:00 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-09 06:00 . 2009-07-09 06:00 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-09 06:00 . 2009-07-09 06:00 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-09 05:46 . 2009-07-09 05:46 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 05:46 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-09 05:46 . 2009-07-09 06:08 -------- d-----w- c:\programdata\Lavasoft
2009-07-09 05:46 . 2009-07-09 05:46 -------- d-----w- c:\program files\Lavasoft
2009-07-08 23:41 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\EECTRL.SYS
2009-07-08 23:41 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\CCERASER.DLL
2009-07-08 23:41 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\ERASER.SYS
2009-07-08 23:41 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVENG.SYS
2009-07-08 23:41 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVEX15.SYS
2009-07-08 23:41 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVENG32.DLL
2009-07-08 23:41 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVEX32A.DLL
2009-07-08 23:41 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\ECMSVR32.DLL
2009-07-08 14:27 . 2009-07-08 14:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-07 16:59 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\Scxpx86.dll
2009-07-07 16:59 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDSvix86.sys
2009-07-07 16:59 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\SymIDSco.sys
2009-07-07 16:59 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDSxpx86.dll
2009-07-07 16:59 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\SymIDSI.dll
2009-07-07 16:59 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDSviA64.sys
2009-07-07 16:59 . 2009-01-03 05:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDS9xx86.dll
2009-07-06 16:44 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-06 16:44 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-06 16:33 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-07-06 16:33 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-06 16:33 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-06 16:33 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2009-07-02 06:16 . 2009-07-02 06:13 1322496 ----a-w- c:\users\millernh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rawr.exe
2009-07-02 06:12 . 2009-07-02 06:12 -------- d-----w- c:\program files\Rawr v2.2.8
2009-07-01 15:18 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-01 15:18 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-27 18:14 . 2009-06-27 18:14 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-14 16:04 . 2009-06-14 16:04 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDB38.tmp.exe
2009-06-14 03:26 . 2009-06-14 03:26 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb27F2.tmp.exe
2009-06-13 11:06 . 2009-06-13 11:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb92BC.tmp.exe
2009-06-12 14:21 . 2009-07-11 15:56 -------- d-----w- C:\World of Warcraft 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 14:33 . 2008-12-15 18:23 -------- d-----w- c:\programdata\Google Updater
2009-07-11 13:57 . 2007-08-24 21:05 -------- d-----w- c:\programdata\Apple Computer
2009-07-10 22:23 . 2008-02-12 00:54 -------- d-----w- c:\users\millernh\AppData\Roaming\Vso
2009-07-10 15:02 . 2008-01-14 21:44 -------- d-----w- c:\program files\Samsung
2009-07-08 21:02 . 2007-05-28 19:00 2032 ----a-w- c:\users\millernh\AppData\Local\d3d9caps.dat
2009-07-08 15:06 . 2008-04-25 15:09 -------- d-----w- c:\users\millernh\AppData\Roaming\webex
2009-07-08 15:05 . 2008-04-25 15:09 102400 ----a-w- c:\programdata\WebEx\WebEx\724\atucfobj.dll
2009-07-08 14:27 . 2007-08-20 05:05 -------- d-----w- c:\program files\Java
2009-07-02 06:13 . 2009-02-20 19:28 -------- d-----w- c:\program files\Rawr
2009-07-01 15:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-10 20:53 . 2009-06-10 13:57 -------- d-----w- c:\users\millernh\AppData\Roaming\Download Manager
2009-05-17 16:58 . 2009-05-17 16:57 -------- d-----w- c:\users\Shannon\AppData\Roaming\Ventrilo
2009-05-16 04:56 . 2009-05-16 04:56 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-04-23 12:43 . 2009-06-11 02:22 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 02:22 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 02:22 2033152 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-11_13.32.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-28 17:20 . 2009-07-11 13:42 56790 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-11 13:42 87878 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-05-28 17:07 . 2009-07-11 13:42 14384 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-18396214-1384600701-1715524583-1000_UserData.bin
+ 2006-11-02 13:00 . 2009-07-11 15:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-11 13:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-07-11 15:51 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-11 13:09 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-11 13:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-11 15:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:33 . 2009-07-11 13:00 595446 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-11 14:12 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-11 13:00 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-11 14:12 101144 c:\windows\System32\perfc009.dat
+ 2009-07-06 16:54 . 2009-07-11 15:51 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-06 16:54 . 2009-07-11 13:09 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-11 13:57 . 2009-07-11 13:57 8992256 c:\windows\Installer\e51c9.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-12-17 94208]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-12-23 178176]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 2037088]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\millernh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{19934357-E5F1-4BB7-83F2-7CB44D28D23E}c:\\program files\\world of warcraft\\wow-2.1.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B4CE85EE-CD72-4A9B-A048-4B6B52A9D57F}c:\\program files\\world of warcraft\\wow-2.1.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{F74695E6-8DEF-4C34-86E4-02A665F3077A}c:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe:Blizzard Downloader
"UDP Query User{9603695C-3278-449D-A260-35CB680B1BDC}c:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe:Blizzard Downloader
"TCP Query User{0C36DA29-5F82-4811-8717-66095200734B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7B694649-DE6A-4396-B9DE-AA25798274A0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{89E7F0B6-8CA0-455D-AC57-DCCB11FCB7F4}c:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe:Blizzard Downloader
"UDP Query User{331C060E-2AF1-4436-9DC9-BC0E8A506C82}c:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe:Blizzard Downloader
"TCP Query User{9065F16C-66B9-48DB-89CC-2CE7581F5CC6}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D8DFE56C-05C8-4AFE-AB17-4BCC044DD9C0}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{E79196E3-615A-494D-827E-C7D2FA78BC6D}c:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe:Blizzard Downloader
"UDP Query User{432D4895-6CA1-43D2-A8F5-2533A1A8A89B}c:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe:Blizzard Downloader
"TCP Query User{61DC3B36-CB41-4427-AB20-6E0572C2FC97}c:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{A98E7A08-8AF9-415E-9533-8B5434ADE51D}c:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{6BDB6110-E5DD-4C45-A906-6D7FAE349C80}c:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{E5D795AB-D158-424F-B501-486FC90BF04A}c:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"TCP Query User{61A4BA2F-95A2-42A4-B6DD-998634AA8E36}c:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{C2FB27FE-E0B6-4B4D-9D2C-86ECD1C8A5D1}c:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/8/2009 11:08 PM 64160]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090709.001\IDSvix86.sys [7/10/2009 1:11 PM 272432]
S2 gupdate1c95ee2764be6f1;Google Update Service (gupdate1c95ee2764be6f1);c:\program files\Google\Update\GoogleUpdate.exe [12/15/2008 11:25 AM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 12:37 PM 149352]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/4/2009 8:15 AM 1153368]
S2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [1/14/2008 2:45 PM 5120]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 7:32 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 3:02 AM 101936]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 11:39 AM 4608]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 11:31 AM 41008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:01]

2009-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-22 02:02]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 06:17]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 06:17]

2009-07-11 c:\windows\Tasks\User_Feed_Synchronization-{3C51EF1C-802F-4830-ADDC-BF0F2D61B832}.job
- c:\windows\system32\msfeedssync.exe [2009-07-06 11:31]

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{43879FAA-4C13-44D1-9D69-D64868B5B343}.job
- c:\windows\system32\msfeedssync.exe [2009-07-06 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 09:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-11 9:11
ComboFix-quarantined-files.txt 2009-07-11 16:10
ComboFix2.txt 2009-07-11 14:20
ComboFix3.txt 2009-07-11 13:34

Pre-Run: 156,197,752,832 bytes free
Post-Run: 156,045,942,784 bytes free

282 --- E O F --- 2009-07-06 16:44

Other Combofix log
ComboFix 09-07-09.08 - millernh 07/11/2009 6:27.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3327.2145 [GMT -7:00]
Running from: c:\users\millernh\Desktop\ComboFix.exe
AV: AVG 7.5.516 *On-access scanning disabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\windows\Installer\4f00897.msi
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 13:32 . 2009-07-11 13:32 -------- d-----w- c:\users\millernh\AppData\Local\temp
2009-07-11 13:25 . 2009-07-11 13:25 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-07-11 13:11 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\EECTRL.SYS
2009-07-11 13:11 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\CCERASER.DLL
2009-07-11 13:11 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\ERASER.SYS
2009-07-11 13:11 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVENG.SYS
2009-07-11 13:11 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVEX15.SYS
2009-07-11 13:11 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVENG32.DLL
2009-07-11 13:11 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\NAVEX32A.DLL
2009-07-11 13:11 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.067\ECMSVR32.DLL
2009-07-11 13:05 . 2009-07-11 13:05 -------- d-----w- c:\users\millernh\AppData\Roaming\Malwarebytes
2009-07-11 13:05 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 13:05 . 2009-07-11 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 13:05 . 2009-07-11 13:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-11 13:05 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 03:09 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\EECTRL.SYS
2009-07-11 03:09 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\CCERASER.DLL
2009-07-11 03:09 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\ERASER.SYS
2009-07-11 03:09 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVENG.SYS
2009-07-11 03:09 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVEX15.SYS
2009-07-11 03:09 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVENG32.DLL
2009-07-11 03:09 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\NAVEX32A.DLL
2009-07-11 03:09 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090710.032\ECMSVR32.DLL
2009-07-10 20:11 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\Scxpx86.dll
2009-07-10 20:11 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDSvix86.sys
2009-07-10 20:11 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\SymIDSco.sys
2009-07-10 20:11 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDSxpx86.dll
2009-07-10 20:11 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\SymIDSI.dll
2009-07-10 20:11 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDSviA64.sys
2009-07-10 20:11 . 2009-01-03 05:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090709.001\IDS9xx86.dll
2009-07-10 09:35 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVEX32A.DLL
2009-07-10 09:35 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\EECTRL.SYS
2009-07-10 09:35 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\CCERASER.DLL
2009-07-10 09:35 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\ERASER.SYS
2009-07-10 09:35 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVENG.SYS
2009-07-10 09:35 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVEX15.SYS
2009-07-10 09:35 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\NAVENG32.DLL
2009-07-10 09:35 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp6223.tmp\ECMSVR32.DLL
2009-07-10 09:35 . 2009-07-10 02:10 1282 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7f34.tmp\cur.scr
2009-07-09 06:18 . 2009-07-09 06:08 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-09 06:08 . 2009-07-09 06:02 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-09 06:08 . 2009-07-09 06:08 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-09 06:08 . 2009-07-09 06:08 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 06:08 . 2009-07-09 06:08 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-09 06:08 . 2009-07-09 06:08 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-09 06:08 . 2009-07-09 06:08 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-09 06:08 . 2009-07-09 06:08 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-09 06:08 . 2009-07-09 06:08 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-09 06:04 . 2009-07-09 06:04 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 06:02 . 2009-07-09 06:02 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-09 06:02 . 2009-07-09 06:02 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-09 06:02 . 2009-07-09 06:02 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-07-09 06:02 . 2009-07-09 06:02 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-09 06:02 . 2009-07-09 06:02 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-09 06:02 . 2009-07-09 06:02 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-09 06:01 . 2009-07-09 06:01 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-09 06:01 . 2009-07-09 06:01 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-09 06:00 . 2009-07-09 06:00 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-09 06:00 . 2009-07-09 06:00 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-09 06:00 . 2009-07-09 06:00 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-09 05:46 . 2009-07-09 05:46 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 05:46 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-09 05:46 . 2009-07-09 06:08 -------- d-----w- c:\programdata\Lavasoft
2009-07-09 05:46 . 2009-07-09 05:46 -------- d-----w- c:\program files\Lavasoft
2009-07-08 23:41 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\EECTRL.SYS
2009-07-08 23:41 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\CCERASER.DLL
2009-07-08 23:41 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\ERASER.SYS
2009-07-08 23:41 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVENG.SYS
2009-07-08 23:41 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVEX15.SYS
2009-07-08 23:41 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVENG32.DLL
2009-07-08 23:41 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\NAVEX32A.DLL
2009-07-08 23:41 . 2009-01-14 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090708.034\ECMSVR32.DLL
2009-07-08 14:27 . 2009-07-08 14:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-07 16:59 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\Scxpx86.dll
2009-07-07 16:59 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDSvix86.sys
2009-07-07 16:59 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\SymIDSco.sys
2009-07-07 16:59 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDSxpx86.dll
2009-07-07 16:59 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\SymIDSI.dll
2009-07-07 16:59 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDSviA64.sys
2009-07-07 16:59 . 2009-01-03 05:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090707.001\IDS9xx86.dll
2009-07-06 16:44 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-06 16:44 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-06 16:33 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-07-06 16:33 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-06 16:33 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-06 16:33 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2009-07-02 06:16 . 2009-07-02 06:13 1322496 ----a-w- c:\users\millernh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rawr.exe
2009-07-02 06:12 . 2009-07-02 06:12 -------- d-----w- c:\program files\Rawr v2.2.8
2009-07-01 15:18 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-01 15:18 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-27 18:14 . 2009-06-27 18:14 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-14 16:04 . 2009-06-14 16:04 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDB38.tmp.exe
2009-06-14 03:26 . 2009-06-14 03:26 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb27F2.tmp.exe
2009-06-13 11:06 . 2009-06-13 11:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb92BC.tmp.exe
2009-06-12 14:21 . 2009-07-10 20:56 -------- d-----w- C:\World of Warcraft 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 22:23 . 2008-02-12 00:54 -------- d-----w- c:\users\millernh\AppData\Roaming\Vso
2009-07-10 15:02 . 2008-01-14 21:44 -------- d-----w- c:\program files\Samsung
2009-07-10 13:32 . 2008-12-15 18:23 -------- d-----w- c:\programdata\Google Updater
2009-07-08 21:02 . 2007-05-28 19:00 2032 ----a-w- c:\users\millernh\AppData\Local\d3d9caps.dat
2009-07-08 15:06 . 2008-04-25 15:09 -------- d-----w- c:\users\millernh\AppData\Roaming\webex
2009-07-08 15:05 . 2008-04-25 15:09 102400 ----a-w- c:\programdata\WebEx\WebEx\724\atucfobj.dll
2009-07-08 14:27 . 2007-08-20 05:05 -------- d-----w- c:\program files\Java
2009-07-02 06:13 . 2009-02-20 19:28 -------- d-----w- c:\program files\Rawr
2009-07-01 15:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-10 20:53 . 2009-06-10 13:57 -------- d-----w- c:\users\millernh\AppData\Roaming\Download Manager
2009-05-17 16:58 . 2009-05-17 16:57 -------- d-----w- c:\users\Shannon\AppData\Roaming\Ventrilo
2009-05-16 04:56 . 2009-05-16 04:56 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-04-23 12:43 . 2009-06-11 02:22 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 02:22 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 02:22 2033152 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-12-17 94208]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-12-23 178176]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 2037088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]

c:\users\millernh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{19934357-E5F1-4BB7-83F2-7CB44D28D23E}c:\\program files\\world of warcraft\\wow-2.1.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B4CE85EE-CD72-4A9B-A048-4B6B52A9D57F}c:\\program files\\world of warcraft\\wow-2.1.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{F74695E6-8DEF-4C34-86E4-02A665F3077A}c:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe:Blizzard Downloader
"UDP Query User{9603695C-3278-449D-A260-35CB680B1BDC}c:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-enus-downloader.exe:Blizzard Downloader
"TCP Query User{0C36DA29-5F82-4811-8717-66095200734B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7B694649-DE6A-4396-B9DE-AA25798274A0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{89E7F0B6-8CA0-455D-AC57-DCCB11FCB7F4}c:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe:Blizzard Downloader
"UDP Query User{331C060E-2AF1-4436-9DC9-BC0E8A506C82}c:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-enus-downloader.exe:Blizzard Downloader
"TCP Query User{9065F16C-66B9-48DB-89CC-2CE7581F5CC6}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D8DFE56C-05C8-4AFE-AB17-4BCC044DD9C0}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{E79196E3-615A-494D-827E-C7D2FA78BC6D}c:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe:Blizzard Downloader
"UDP Query User{432D4895-6CA1-43D2-A8F5-2533A1A8A89B}c:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-enus-downloader.exe:Blizzard Downloader
"TCP Query User{61DC3B36-CB41-4427-AB20-6E0572C2FC97}c:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{A98E7A08-8AF9-415E-9533-8B5434ADE51D}c:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{6BDB6110-E5DD-4C45-A906-6D7FAE349C80}c:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{E5D795AB-D158-424F-B501-486FC90BF04A}c:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"TCP Query User{61A4BA2F-95A2-42A4-B6DD-998634AA8E36}c:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{C2FB27FE-E0B6-4B4D-9D2C-86ECD1C8A5D1}c:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/8/2009 11:08 PM 64160]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090709.001\IDSvix86.sys [7/10/2009 1:11 PM 272432]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 12:37 PM 149352]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/4/2009 8:15 AM 1153368]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [1/14/2008 2:45 PM 5120]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 7:32 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 3:02 AM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 11:31 AM 41008]
S2 gupdate1c95ee2764be6f1;Google Update Service (gupdate1c95ee2764be6f1);c:\program files\Google\Update\GoogleUpdate.exe [12/15/2008 11:25 AM 133104]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 11:39 AM 4608]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:01]

2009-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-22 02:02]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 06:17]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 06:17]

2009-07-11 c:\windows\Tasks\User_Feed_Synchronization-{3C51EF1C-802F-4830-ADDC-BF0F2D61B832}.job
- c:\windows\system32\msfeedssync.exe [2009-07-06 11:31]

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{43879FAA-4C13-44D1-9D69-D64868B5B343}.job
- c:\windows\system32\msfeedssync.exe [2009-07-06 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 06:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-11 6:34
ComboFix-quarantined-files.txt 2009-07-11 13:34

Pre-Run: 155,171,205,120 bytes free
Post-Run: 156,473,106,432 bytes free

257 --- E O F --- 2009-07-06 16:44

Mbam Log
Malwarebytes' Anti-Malware 1.39
Database version: 2462
Windows 6.0.6001 Service Pack 1

7/19/2009 11:22:04 AM
mbam-log-2009-07-19 (11-22-04).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 359664
Time elapsed: 45 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

N.B. @ Zona70
Do NOT attach any log files I request. Always Copy and then Paste contents of reports In-Line (within the body of Reply box).
Thanks

Edited by Maurice Naggar, 19 July 2009 - 03:53 PM.


#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:02 AM

Posted 19 July 2009 - 03:41 PM

If you were unable to turn off Tea Timer, then I'm going to ask you to de-install Spybot and after, logoff & restart system and confirm spybot removal in a reply.
Meantime, I'll start looking at your last logs.

N.B. @ Zona70
Do NOT attach any log files I request. Always Copy and then Paste contents of reports In-Line (within the body of Reply box). Thanks

Edited by Maurice Naggar, 19 July 2009 - 03:55 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 zona70

zona70
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:02 AM

Posted 19 July 2009 - 04:37 PM

If you were unable to turn off Tea Timer, then I'm going to ask you to de-install Spybot and after, logoff & restart system and confirm spybot removal in a reply.
Meantime, I'll start looking at your last logs.

N.B. @ Zona70
Do NOT attach any log files I request. Always Copy and then Paste contents of reports In-Line (within the body of Reply box). Thanks



When running in safe mode Tea Timer is inactive. Regardless - I will remove SB S&D and restart now.

#8 zona70

zona70
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:02 AM

Posted 19 July 2009 - 04:44 PM

SpyBot S&D and AdAware removed and reboot completed.

#9 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:02 AM

Posted 19 July 2009 - 05:02 PM

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not zona70 and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

I realize you said you are unable to use right-clicking, but do your darndest to do so.
Reminder:
Given that this is a Vista system, on most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Let's have you advise us as to why you have both Norton AV (as you stated) and also an old AVG version.
Is your subscription to Norton/Symantec current? Expired? Or was this a trial edition or the one that came originally with your pc?
If you do not have a current subscription, then un-install Norton and restart your system, and get AVG version 8.5 installed (if that is what you decided on).
But you cannot be running 2 antivirus apps at the same time. That leads to conflicts and deadly gridlock.

If your subscription to Norton is current (license has not expired), then.... un-install AVG and restart system.

Then confirm what you have done for me in a reply pronto!

=
Next, this is an attempt to trim down the apps auto-loaded with Windows startup. By the way, on Vista systems, it is not recommended to enable Spybot's Tea Timer.
  • Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please RIGHT-click OTL.exe and select Run As Administrator to start it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Watch"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

Download RootRepeal:
http://rootrepeal.googlepages.com/RootRepeal.zip
  • Extract the archive to a folder you create such as C:\RootRepeal
  • RIGHT-click RootRepeal.exe and select Run as Administrator to launch the program
  • Click the "Files" tab (located at the bottom of the RootRepeal screen)
    Look at the Select Drives window.
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
    If there are other drives listed besides C: drive, make sure all have a checkmark and click OK.
  • Click the "Scan" button
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.
Reply with copy IN-LINE (do NOT use attach option) of
OTL MovedFiles log
the RootRepeal log

Edited by Maurice Naggar, 19 July 2009 - 05:06 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
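The OTL ':reg' stanza above removes several Run-key entries that appear in the "Reg Loading Points" section of the ComboFix log posted earlier in this thread. As an added example (not part of this thread, and not ComboFix or OTL code), here is a small Python triage script for that section: it lists the Run-key autostarts, flags any whose binary lives in a user-writable location, and surfaces the EnableFirewall=0 and DisableMonitoring=1 values a helper would want to ask the poster about. The SUSPECT_DIRS list is an assumption and the "Updater" sample line is constructed; the other sample lines are excerpted from the log above.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log."""
import re
from dataclasses import dataclass, field

# Key headers such as [HKEY_LOCAL_MACHINE\SOFTWARE\...\Run] or [HKLM\~\services\...]
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix Run-key lines: "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# Generic "Name"= value lines (Security Center and firewall policy settings)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+?)\s*$')
# Assumption: legitimate installers rarely persist from per-user, temp or
# shared-data locations, so an autostart binary there deserves a second look.
SUSPECT_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\", "\\recycler")

@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int

    @property
    def suspicious(self) -> bool:
        p = self.path.lower()
        # The log above lists NvCplDaemon by its DLL, so a .dll target is normal here
        return any(d in p for d in SUSPECT_DIRS) or not p.endswith((".exe", ".dll"))

@dataclass
class Triage:
    run_entries: list = field(default_factory=list)
    posture: list = field(default_factory=list)  # settings to ask the poster about

def triage_loading_points(text: str) -> Triage:
    """Collect Run-key autostarts and security-posture values from the section."""
    result = Triage()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        if not key or not line:
            continue
        lkey = key.lower()
        m = RUN_LINE.match(line)
        if m and lkey.endswith("\\currentversion\\run"):
            result.run_entries.append(RunEntry(key, m.group("name"), m.group("path"),
                                               m.group("date"), int(m.group("size"))))
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        leaf = key.rsplit("\\", 1)[-1]  # firewall profile or monitored-product subkey
        if "firewallpolicy" in lkey and name == "EnableFirewall" and value.split()[0] == "0":
            # Often set by a suite with its own firewall (Norton 360 here); still confirm it
            result.posture.append(f"Windows Firewall disabled for {leaf}")
        elif ("security center\\monitoring" in lkey and name == "DisableMonitoring"
              and value.lower().endswith("00000001")):
            result.posture.append(f"Security Center monitoring disabled ({leaf})")
    return result

def suspicious_entries(tri: Triage) -> list:
    return [e for e in tri.run_entries if e.suspicious]

# Sample input: lines excerpted from the ComboFix log in this thread, plus one
# CONSTRUCTED entry ("Updater") to exercise the suspicious-location check.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Updater"="c:\users\millernh\AppData\Roaming\updater.exe" [2009-07-08 51200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    tri = triage_loading_points(SAMPLE)
    for e in tri.run_entries:
        print(f"{('REVIEW' if e.suspicious else 'ok'):6} {e.name:20} {e.path} [{e.date}, {e.size} B]")
    for item in tri.posture:
        print("POSTURE:", item)
```

To use it on a real log, pass the whole "Reg Loading Points" block (from REGEDIT4 down to the service list) to triage_loading_points().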

#10 zona70

zona70
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:02 AM

Posted 19 July 2009 - 05:14 PM

I had forgotten about AVG. I am currently running Norton with current license and subscription. The product is Norton 360 v2.5.0.5 with protection updates from 7/19/09. I assume I can remove the old AVG?

#11 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:02 AM

Posted 19 July 2009 - 05:26 PM

YES, remove AVG, then Logoff and Restart the system fresh.
Then finish up the items I asked for.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#12 zona70

zona70
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:02 AM

Posted 19 July 2009 - 06:04 PM

RootRepeal Log....

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/19 16:02
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5e502791-747b-11de-8531-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18254_none_dbcb2d8257348fdc\MPEG2D~1.AX
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for Oracle\_DATAO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for Oracle\0000\_DATAO~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Locked to the Windows API!

Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
Status: Could not get file information (Error 0xc0000008)

Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\systemindex.crwl449.gthr
Status: Allocation size mismatch (API: 424, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010016.ci
Status: Size mismatch (API: 24576, Raw: 65536)

Path: c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\indexer\cifiles\00010016.dir
Status: Size mismatch (API: 4096, Raw: 65536)

Path: E:\System Volume Information\{a1c1d943-4297-11de-bcd5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{cfcf4742-6dd9-11de-a6c8-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{d18465e7-5d9e-11de-91a8-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{d184663c-5d9e-11de-91a8-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{d5453005-735c-11de-baad-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{d5453014-735c-11de-baad-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{e20cbc3e-6e91-11de-9bc5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{e20cbc6f-6e91-11de-9bc5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{e20cbcc5-6e91-11de-9bc5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f86a7-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{461d1407-6a4d-11de-856c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{4f7ad81e-5f31-11de-959a-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{4f7ad88f-5f31-11de-959a-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{58d18250-40ef-11de-aca5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f8700-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f876a-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f87c9-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f8812-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f8888-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f890f-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f8953-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{b45cdb11-6742-11de-a205-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{b45cdbca-6742-11de-a205-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{c1b8552e-6d11-11de-a414-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{c1b85579-6d11-11de-a414-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{c1b8559d-6d11-11de-a414-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{cf285f5e-639a-11de-be6d-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{cf285fb8-639a-11de-be6d-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{cf28603e-639a-11de-be6d-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{cf2860c0-639a-11de-be6d-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{cf286106-639a-11de-be6d-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{cf28618e-639a-11de-be6d-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{6e9120fe-5670-11de-b0c5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{6e912160-5670-11de-b0c5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{6e9121c2-5670-11de-b0c5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{6e912232-5670-11de-b0c5-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{71aab7b2-717f-11de-bbef-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f8612-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{806f867e-4946-11de-af4c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{19da533a-6c4f-11de-a212-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{227522a9-60f1-11de-aa56-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{2275232d-60f1-11de-aa56-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{22752397-60f1-11de-aa56-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{2f87e5d1-5452-11de-a6e2-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{5e502790-747b-11de-8531-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{6054b15d-7165-11de-90b2-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{6054b195-7165-11de-90b2-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{62a51939-5a00-11de-91bc-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{62a519aa-5a00-11de-91bc-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{675958db-43cb-11de-8974-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{67595941-43cb-11de-8974-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{675959ef-43cb-11de-8974-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{67595a4c-43cb-11de-8974-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{67595ac5-43cb-11de-8974-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{67595b55-43cb-11de-8974-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{67595bbe-43cb-11de-8974-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{8d730961-5b8d-11de-a299-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{8d7309bb-5b8d-11de-a299-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{92162602-436b-11de-bac0-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{01d09891-5547-11de-b0a2-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{01d099b9-5547-11de-b0a2-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{01d099c5-5547-11de-b0a2-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{06b745cf-6d65-11de-9761-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{06dcf993-68f3-11de-987a-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{0cbdcae0-6bca-11de-982c-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: E:\System Volume Information\{141bd31f-4303-11de-adb8-00508d9d96bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!










OTL LOG
All processes killed
========== FILES ==========
File\Folder C:\recycler not found.
File\Folder D:\recycler not found.
File\Folder e:\recycler not found.
File\Folder f:\recycler not found.
g:\RECYCLER\S-1-5-21-872414235-1916178436-3857524245-1832 moved successfully.
g:\RECYCLER moved successfully.
File\Folder h:\recycler not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ad-Watch not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Grace
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1005 bytes

User: Jacob
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 737 bytes
->Java cache emptied: 26324 bytes

User: millernh
->Temp folder emptied: 92978 bytes
->Temporary Internet Files folder emptied: 40630287 bytes
->Java cache emptied: 16631032 bytes
->Google Chrome cache emptied: 7311458 bytes

User: Public

User: Shannon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 540542 bytes
->Java cache emptied: 13601968 bytes

User: Thomas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 804 bytes
->Java cache emptied: 1607427 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\JET62E6.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76.72 mb


OTL by OldTimer - Version 3.0.9.2 log created on 07192009_152803

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET62E6.tmp not found!

Registry entries deleted on Reboot...

#13 zona70
  • Topic Starter
  • Members
  • 16 posts

Posted 19 July 2009 - 06:22 PM

OK - have been digging for AVG and am not finding it. I found a couple of very old installation executables which I deleted - but I doubt this is what you were referencing. I'll continue to dig.

#14 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 19 July 2009 - 07:42 PM

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

1) Get and run the AVG Remover Tool
http://www.grisoft.com/download-tools

During the removal procedure you will be asked to restart your computer. Therefore please make sure to finish your work and to save all important data prior to AVG Remover launch.


2) Next, Right-Click the link/shortcut to Internet Explorer and select Run as Administrator

Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/onlinescan/cac4.php?page=faq
  • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
    Otherwise the scan will take twice as long to do:
    every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
3) Next, please download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

Reply with a copy of the ESET scan log
and the Sysclean log
and tell me, how is your system now?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#15 zona70
  • Topic Starter
  • Members
  • 16 posts

Posted 20 July 2009 - 02:12 AM

ESET Scanner found nothing - running the other overnight...