
IE problems

Discussion in 'Malware and Virus Removal Archive' started by keith 1000, 2008/03/11.

  1. 2008/03/11
    keith 1000 (Thread Starter)
    Hi guys!
    It's been a while but I'm back again, with a new computer (AMD dual core 4400, with Vista Home Premium) and a new problem.
    I have reason to believe I may have a small attacker. I've just been noticing little things like programs that stop working and, most of all, IE shuts down when I log into FACEBOOK, and only Facebook (weird).
    So, like everybody else, here is a copy of HJT. Hope you can help me.
    Thanks, Keith :D
    P.S. Does this version of HJT work OK with Vista????

    Logfile of HijackThis v1.99.1
    Scan saved at 11:21:12 AM, on 11/03/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\IncrediMail\bin\ImNotfy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Keith\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202163755.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202163755.dll "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
     
    Last edited: 2008/03/11
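    The O2 (BHO) and O4 (Run key) lines are the part of a HijackThis log a removal helper reads first. As an added example, not part of this thread and not a HijackThis feature, the Python script below parses a handful of those lines copied from the log above, flags the Run entry that re-registers a DLL with regsvr32 at every logon and the BHO with a purely numeric file name, and cross-references the two when they point at the same DLL. The severity labels and heuristics are the example's own assumptions, not anything the thread states.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: O2/O4 lines copied from the HijackThis log posted above
# (the "e404 helper" BHO and the "tempreg" Run entry, which the later ComboFix
# run deleted), plus benign entries from the same log for contrast.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202163755.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202163755.dll "
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
REGSVR_RE = re.compile(r'^"?regsvr32(?:\.exe)?"?\s', re.I)
NUMERIC_DLL_RE = re.compile(r"^\d+\.dll$", re.I)


@dataclass
class Finding:
    line: str
    severity: str  # "suspicious" or "info" (labels chosen for this example)
    reason: str


def extract_dll(cmd: str) -> Optional[str]:
    """Return the .dll path a command line references, stripping the quotes and
    the stray trailing space HJT prints inside the closing quote."""
    m = re.search(r'"([^"]*?\.dll)\s*"', cmd, re.I) or re.search(r"(\S+\.dll)", cmd, re.I)
    return m.group(1).strip() if m else None


def triage(log_text: str) -> List[Finding]:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings: List[Finding] = []

    # Pass 1: index BHO DLL paths by CLSID so Run entries can be cross-referenced.
    bho_by_path: Dict[str, str] = {}
    for line in lines:
        m = O2_RE.match(line)
        if not m:
            continue
        name, clsid, path = m.group("name"), m.group("clsid"), m.group("path").strip()
        if path == "(no file)":
            findings.append(Finding(line, "info",
                "orphaned BHO: CLSID is still registered but its DLL is gone; stale entry to clean up"))
            continue
        bho_by_path[path.lower()] = clsid
        filename = path.rsplit("\\", 1)[-1]
        if name == "(no name)" or NUMERIC_DLL_RE.match(filename):
            findings.append(Finding(line, "suspicious",
                f"BHO with a generic or numeric name loads {path} into IE; verify publisher and hash"))

    # Pass 2: Run keys. regsvr32 in a Run value re-registers a COM DLL at each
    # logon, which keeps a BHO alive even if its registration is removed.
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd").strip()
        if REGSVR_RE.match(cmd):
            dll = extract_dll(cmd)
            reason = f"{m.group('hive')} Run key re-registers a DLL with regsvr32 at every logon"
            if dll and dll.lower() in bho_by_path:
                reason += f"; the same DLL is the BHO {{{bho_by_path[dll.lower()]}}}"
            findings.append(Finding(line, "suspicious", reason))
            continue
        first = re.match(r'"([^"]*)"|(\S+)', cmd)
        exe = (first.group(1) or first.group(2)).strip() if first else cmd
        if "\\" not in exe and not exe.startswith("%"):
            findings.append(Finding(line, "info",
                f"Run value '{exe}' has no directory; it is resolved through the search path, so confirm which file actually runs"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity}] {f.line}\n    {f.reason}")
```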
  2. 2008/03/11
    Geri (Alumni)
    Hi keith 1000
    Welcome back :(

    OK we need to do a few things here.

    Having any P2P file sharing apps such as Limewire, BitTorrent, uTorrent etc. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.


    Please delete the HJT that you have and install this one.

    Download a copy of HijackThis installer from here and save it to your Desktop.

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on the HJTInstall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.

    Close HJT for now.

    Now, please navigate to this file

    C:\Windows\system32\ActiveToolBand.dll

    Right click on it and select properties
    On the General tab please note the size of the file
    On the Version tab please note the company name.

    Please let me know what they say.


    Now do this, make sure you follow the Vista instructions and to disable Real Time protections while running the tool.


    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the Combofix log and let me know what the info was on that file.

    Thanks
    Geri
     


  4. 2008/03/11
    keith 1000 (Thread Starter)
    Hi Geri,
    nice to work with you again.
    First, as far as P2P software, I do do some downloading. I know it's never safe, but it is the chance we take, all of us billions of people. I don't have LimeWire anymore and use torrent sites for downloading, and BitTorrent for the torrent loader. I do try to be safe and scan everything I download.

    2nd. I don't think it shows in any of these scans, but I'm running like a 300 gig HDD with an XP dual boot. Now, would a virus from, say, the XP boot affect my Vista installation????

    3. The file you asked about says it comes from a company HiTRUST, Ver 3.0.0.2; size is 292 kb.

    4. I think I disabled everything before the Combo scan, so I hope it's all good, except I have a problem. You said to right click and run as administrator; well, I got carried away and went ahead and double clicked it as normal, and by the time I realized it, it was too late. So when it completed I tried to run it again as admin and it won't let me. It says something about changing the name or something and to pick another name (whatever). So if the log I got is not good enough or really needs to be done the other way, please tell me how to reverse it and I'll do it...

    So here is the Combo scan:
    ComboFix 08-03-10.1 - Keith 2008-03-11 22:55:32.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.922 [GMT -4:00]
    Running from: C:\Users\Keith\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Helper
    C:\Program Files\Helper\1202163755.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
    .

    2008-03-11 22:34 . 2008-03-11 22:34 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-11 21:24 . 2008-03-11 21:24 268 --ah----- C:\sqmdata06.sqm
    2008-03-11 21:24 . 2008-03-11 21:24 244 --ah----- C:\sqmnoopt06.sqm
    2008-03-11 11:14 . 2008-03-11 11:14 268 --ah----- C:\sqmdata05.sqm
    2008-03-11 11:14 . 2008-03-11 11:14 244 --ah----- C:\sqmnoopt05.sqm
    2008-03-10 23:19 . 2008-03-10 23:19 268 --ah----- C:\sqmdata04.sqm
    2008-03-10 23:19 . 2008-03-10 23:19 244 --ah----- C:\sqmnoopt04.sqm
    2008-03-10 18:06 . 2008-03-10 18:06 268 --ah----- C:\sqmdata03.sqm
    2008-03-10 18:06 . 2008-03-10 18:06 244 --ah----- C:\sqmnoopt03.sqm
    2008-03-10 16:56 . 2008-03-10 16:56 268 --ah----- C:\sqmdata02.sqm
    2008-03-10 16:56 . 2008-03-10 16:56 244 --ah----- C:\sqmnoopt02.sqm
    2008-03-10 16:33 . 2008-03-10 16:33 92,064 --a------ C:\Users\Keith\mqdmmdm.sys
    2008-03-10 16:33 . 2008-03-10 16:33 79,328 --a------ C:\Users\Keith\mqdmserd.sys
    2008-03-10 16:33 . 2008-03-10 16:33 66,656 --a------ C:\Users\Keith\mqdmbus.sys
    2008-03-10 16:33 . 2008-03-10 16:33 9,232 --a------ C:\Users\Keith\mqdmmdfl.sys
    2008-03-10 16:33 . 2008-03-10 16:33 6,208 --a------ C:\Users\Keith\mqdmcmnt.sys
    2008-03-10 16:33 . 2008-03-10 16:33 5,936 --a------ C:\Users\Keith\mqdmwhnt.sys
    2008-03-10 16:33 . 2008-03-10 16:33 4,048 --a------ C:\Users\Keith\mqdmcr.sys
    2008-03-10 14:05 . 2008-03-10 16:37 <DIR> d-------- C:\Program Files\Motorola Phone Tools
    2008-03-10 14:05 . 2005-11-24 17:02 24,192 --------- C:\Windows\System32\drivers\USBSER.SYS
    2008-03-10 14:03 . 2008-03-10 16:33 25,600 --a------ C:\Users\Keith\usbsermptxp.sys
    2008-03-10 14:03 . 2008-03-10 16:33 22,768 --a------ C:\Users\Keith\usbsermpt.sys
    2008-03-10 13:59 . 2008-03-10 13:59 <DIR> d-------- C:\Users\Keith\AppData\Roaming\InstallShield
    2008-03-10 13:59 . 2008-03-10 13:59 <DIR> d-------- C:\Users\All Users\Avanquest Software
    2008-03-10 13:59 . 2008-03-10 13:59 <DIR> d-------- C:\ProgramData\Avanquest Software
    2008-03-09 23:38 . 2008-03-09 23:38 268 --ah----- C:\sqmdata01.sqm
    2008-03-09 23:38 . 2008-03-09 23:38 244 --ah----- C:\sqmnoopt01.sqm
    2008-03-09 23:35 . 2008-03-09 23:35 268 --ah----- C:\sqmdata00.sqm
    2008-03-09 23:35 . 2008-03-09 23:35 244 --ah----- C:\sqmnoopt00.sqm
    2008-03-07 18:03 . 2008-03-10 13:59 <DIR> d-------- C:\Program Files\LiveUpdate
    2008-03-07 18:02 . 2008-03-10 14:05 <DIR> d-------- C:\Program Files\mobile PhoneTools
    2008-03-07 17:35 . 2008-03-11 11:15 <DIR> d-------- C:\Program Files\Venturi2
    2008-03-07 14:01 . 2008-03-07 14:01 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
    2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
    2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
    2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
    2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
    2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
    2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
    2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
    2008-03-07 13:38 . 2008-03-10 14:07 <DIR> d-------- C:\Users\All Users\BVRP Software
    2008-03-07 13:38 . 2008-03-10 14:07 <DIR> d-------- C:\ProgramData\BVRP Software
    2008-03-06 19:39 . 2008-03-06 19:40 <DIR> d-------- C:\Users\All Users\Adobe
    2008-03-06 19:39 . 2008-03-06 19:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-03-06 17:32 . 2008-03-06 17:33 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
    2008-03-05 00:45 . 2008-03-05 00:45 <DIR> d-------- C:\Users\Keith\AppData\Roaming\AdobeUM
    2008-03-04 23:47 . 2008-03-04 23:47 <DIR> d--h----- C:\Users\Keith\AppData\Roaming\IFViewer
    2008-02-27 19:09 . 2008-02-27 19:09 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
    2008-02-23 11:01 . 2008-02-23 11:01 <DIR> d-------- C:\Users\Keith\AppData\Roaming\Printer Info Cache
    2008-02-23 11:01 . 2008-02-23 11:02 <DIR> d-------- C:\Users\Keith\AppData\Roaming\Image Zone Express
    2008-02-22 23:27 . 2008-02-22 23:27 <DIR> d-------- C:\Users\All Users\Pure Networks
    2008-02-22 23:27 . 2008-02-22 23:27 <DIR> d-------- C:\ProgramData\Pure Networks
    2008-02-22 23:27 . 2008-01-08 18:16 24,888 --a------ C:\Windows\System32\drivers\pnarp.sys
    2008-02-19 14:24 . 2008-02-19 14:27 <DIR> d-------- C:\Program Files\Windows Live
    2008-02-19 14:24 . 2008-02-19 14:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-16 18:32 . 2008-02-19 14:24 <DIR> d-------- C:\Users\All Users\WLInstaller
    2008-02-16 18:32 . 2008-02-19 14:24 <DIR> d-------- C:\ProgramData\WLInstaller
    2008-02-16 03:03 . 2008-01-10 01:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-15 17:13 . 2008-02-15 17:13 <DIR> d-------- C:\Program Files\Pure Networks
    2008-02-15 17:13 . 2008-02-22 23:27 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
    2008-02-13 23:46 . 2008-02-13 23:46 0 --a------ C:\Users\Keith\AppData\Roaming\wklnhst.dat
    2008-02-13 04:07 . 2008-02-13 04:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-13 04:07 . 2008-02-13 04:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-13 04:04 . 2008-02-13 04:04 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 04:03 . 2008-02-13 04:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 04:03 . 2008-02-13 04:03 1,686,528 --a------ C:\Windows\System32\gameux.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-12 02:49 --------- d-----w C:\Users\Keith\AppData\Roaming\DNA
    2008-03-12 02:45 --------- d-----w C:\ProgramData\Symantec
    2008-03-11 15:14 --------- d-----w C:\Users\Keith\AppData\Roaming\BitTorrent
    2008-03-11 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-11 00:02 --------- d-----w C:\Program Files\Norton Internet Security
    2008-03-11 00:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-13 08:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 08:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 08:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-13 08:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-13 08:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-13 08:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 08:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 08:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-13 08:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 08:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 08:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 08:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 08:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 08:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 08:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 08:01 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-13 08:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 08:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 08:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 03:16 --------- d-----w C:\Users\Keith\AppData\Roaming\HP
    2008-02-09 06:20 --------- d-----w C:\Program Files\PacificPoker4
    2008-02-06 00:53 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-05 13:32 --------- d-----w C:\ProgramData\WEBREG
    2008-02-05 13:31 --------- d-----w C:\Program Files\HP
    2008-02-05 13:31 --------- d-----w C:\Program Files\Common Files\HP
    2008-02-05 13:30 --------- d-----w C:\ProgramData\HP
    2008-02-05 13:29 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-05 13:29 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-02-05 13:23 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-02-05 12:59 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2008-02-05 12:58 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-02-05 12:58 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-02-05 08:31 174 --sha-w C:\Program Files\desktop.ini
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Sidebar
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Mail
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Defender
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Calendar
    2008-02-05 08:15 87,040 ----a-w C:\Windows\System32\msoert2.dll
    2008-02-05 08:13 49,664 ----a-w C:\Windows\System32\csrsrv.dll
    2008-02-05 08:13 376,320 ----a-w C:\Windows\System32\winsrv.dll
    2008-02-05 08:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-02-05 08:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-02-05 08:11 414,208 ----a-w C:\Windows\System32\msscp.dll
    2008-02-05 08:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-02-05 08:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-02-05 08:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2008-02-05 08:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2008-02-05 08:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2008-02-05 08:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2008-02-05 08:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2008-02-05 08:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2008-02-05 08:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2008-02-05 08:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2008-02-05 08:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2008-02-05 08:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-02-05 08:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-02-05 08:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2008-02-05 08:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-02-05 08:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-02-05 08:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-02-05 08:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-02-05 08:08 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2008-02-05 08:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-02-05 08:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-02-05 08:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-02-05 08:06 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
    2008-02-05 08:06 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
    2008-02-05 08:06 39,936 ----a-w C:\Windows\System32\slcinst.dll
    2008-02-05 08:06 351,232 ----a-w C:\Windows\System32\SLUI.exe
    2008-02-05 08:06 33,280 ----a-w C:\Windows\System32\slwmi.dll
    2008-02-05 08:06 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
    2008-02-05 08:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-02-05 08:06 223,232 ----a-w C:\Windows\System32\SLC.dll
    2008-02-05 08:06 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
    2008-02-05 08:06 186,368 ----a-w C:\Windows\System32\SLLUA.exe
    2008-02-05 08:05 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-02-05 08:03 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-02-05 08:03 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-02-05 08:03 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-02-05 08:01 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-02-05 08:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-02-05 08:01 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-02-05 08:01 5,120 ----a-w C:\Windows\System32\wmi.dll
    2008-02-05 08:01 152,576 ----a-w C:\Windows\System32\imagehlp.dll
    2008-02-05 08:01 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-02-05 08:01 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
    2008-02-05 08:01 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-02-05 08:01 --------- d-----w C:\Program Files\MSXML 4.0
    2008-02-05 08:00 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-02-05 08:00 633,856 ----a-w C:\Windows\System32\user32.dll
    2008-02-05 03:57 --------- d-----w C:\ProgramData\IM
    2008-02-05 03:56 --------- d-----w C:\ProgramData\IncrediMail
    2008-02-05 03:56 --------- d-----w C:\Program Files\IncrediMail
    2008-02-05 03:46 --------- d-----w C:\Program Files\CONEXANT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-05 04:03 1232896]
    "BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [2008-02-04 17:41 286528]
    "IncrediMail "= "C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-29 12:31 243072]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-05 04:12 1006264]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-03-23 07:04 4423680 C:\Windows\RtHDVCpl.exe]
    "ccApp "= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 00:44 107112]
    "osCheck "= "c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 00:42 22696]
    "Acer Tour "=" " []
    "Acer Empowering Technology Monitor "= "C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 13:27 319488]
    "eDataSecurity Loader "= "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 03:04 464168]
    "eRecoveryService "=" " []
    "Acer Tour Reminder "= "C:\Acer\AcerTour\Reminder.exe" [2007-02-15 21:39 151552]
    "tempreg "= "regsvr32 /s C:\Program Files\Helper\1202163755.dll" [ ]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "nmctxth "= "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 18:20 451896]
    "nmapp "= "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 11:32 451896]
    "IntelliPoint "= "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
    "Acer Tour Reminder "= "C:\Acer\AcerTour\Reminder.exe" [2007-02-15 21:39 151552]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-16 21:09:28 528384]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
    PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-16 21:13:50 200812]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{ED1E9675-5C5C-4552-8979-8FFBD704C996} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C5A6A6A0-D297-4AA6-9383-21A16C3F9929} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C0B04953-9D63-4886-9FEE-B20972592777} "= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live|Desc=Acer Arcade Live
    "{64C52DD3-2977-4C34-BDA1-8FD96179DF00} "= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess|Desc=SlideShow DVD workprocess
    "{F42A10AE-D383-4A78-9E05-64BBC84376C5} "= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess|Desc=DV Magician ARA workprocess
    "{A0E22BD1-9D17-41A4-BF50-419B503C50D0} "= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess|Desc=DV Magician AVAX workprocess
    "{E59634F8-1C07-40AC-84E1-E301FBC238EE} "= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine|Desc=DVDivine
    "{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2} "= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
    "{5F06C73B-3B46-4ED5-983C-2880071833B2} "= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect|Desc=HomeMedia Connect
    "{1955E669-BE1F-4C13-B854-FB32F2900974} "= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service|Desc=HomeMedia Connect Service
    "{A8757501-B402-4C19-AD10-EA4697A9512B} "= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician
    "{7D22F66D-1535-4267-9860-0C6283CB2451} "= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{FBFD54D0-583C-4E21-B8DA-2AF5D5A4646B} "= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{0156ACB8-CB92-427A-A2E3-EEE4323F76FC} "= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{C5CBA1EE-00AB-4DAA-A84B-85958EE6B63D} "= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{71AD1686-FD47-4777-87C2-784CB44B349D} "= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{6F4E3120-5DF8-48B0-90FC-C53005B2DD07} "= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{00CF96FB-95C9-4E19-A7CC-A1BEA6B0147B} "= TCP:67:DHCP Discovery Service
    "{091DF7AF-E088-438F-B104-027292898187} "= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "TCP Query User{8794DB6A-CE32-4587-B9B5-75CE7FCB1968}C:\users\keith\program files\dna\btdna.exe "= UDP:C:\users\keith\program files\dna\btdna.exe:btdna.exe|Desc=btdna.exe
    "UDP Query User{1831AD0F-7D06-4ADC-ABB2-63EA5789F59B}C:\users\keith\program files\dna\btdna.exe "= TCP:C:\users\keith\program files\dna\btdna.exe:btdna.exe|Desc=btdna.exe
    "{31AEA0A8-9B0D-4EC2-A6DB-32C334C0FC4E} "= TCP:67:DHCP Discovery Service
    "{46757BAC-F066-447A-A49D-D729043932CA} "= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{F2D3FB4B-27D2-4424-ACAE-195538718EE4} "= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{B6632096-68F7-4844-8D7B-A9E37EB0C7A1} "= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{2EE2821F-8DAE-4851-B286-A70FC423C662} "= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{BC323A68-955B-4A07-9E20-37077EE66750} "= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{34F1E01A-4C84-4281-B1E0-55809A484D50} "= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{DAE6EBBB-8158-4C4D-9B2E-CABA3C8AACCD} "= UDP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
    "{FF73342A-1174-4F63-867A-3FDFADD6BE8A} "= TCP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe "= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 23:22]
    R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 18:43]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 03:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 03:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 03:04]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 12:18]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 21:54]
    R2 eDataSecurity Service;eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 03:04]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 03:07]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
    R3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 03:41]
    R3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 03:41]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47021ef5-d34d-11dc-90e0-806e6f6e6963}]
    \shell\AutoRun\command - F:\setup.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-08 18:22:40 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Keith.job "
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 22:57:07
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-11 22:57:44
    ComboFix-quarantined-files.txt 2008-03-12 02:57:42
    .
    2008-03-09 04:15:31 --- E O F ---

    and the HJT scan
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:52 PM, on 11/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\IncrediMail\bin\ImNotfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\Helper\1202163755.dll "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9601 bytes
    :D thanks again
    keith
     
  5. 2008/03/12
    Geri Lifetime Subscription
    Hi

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tempreg"=-

    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it, then click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results and the CFScript log.

    Is Facebook working?

    Geri
     
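Added example, not from this thread or from ComboFix: a short Python triage script that reads the 'Reg Loading Points' section of a ComboFix log like the one posted above and flags what a helper looks for in it, including the tempreg Run entry the CFScript removes (a DLL loaded through regsvr32 at startup), EnableLUA = 0, EnableFirewall = 0 in a firewall profile, and the muted Security Center values. The sample lines are constructed in the shape of the log above; the line format it parses is an assumption drawn from that log.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the 'Reg Loading Points' section of the
# ComboFix log in this thread (a few entries only; the stray space inside the
# quotes on the tempreg line reproduces how the forum rendered it).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"= "C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-05 04:12 1006264]
"tempreg "= "regsvr32 /s C:\Program Files\Helper\1202163755.dll" [ ]
"HP Software Update"= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Startup entries that hand a DLL to a system loader instead of running a program directly.
LOADER_RE = re.compile(r"\b(regsvr32|rundll32)(\.exe)?\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    category: str  # run-loader | uac-off | firewall-off | seccenter-muted
    key: str
    name: str
    detail: str


def parse_loading_points(text):
    """Yield (registry key, value name, raw value) from ComboFix 'Reg Loading Points' lines."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            # .strip() on the name tolerates the trailing space the forum rendering adds.
            yield key, m.group(1).strip(), m.group(2).strip()


def is_zero(value):
    """True for the '0 (0x0)' and 'dword:00000000' spellings ComboFix uses."""
    v = value.strip().lower()
    return v in ("0", "dword:00000000") or v.startswith("0 ")


def is_one(value):
    v = value.strip().lower()
    return v in ("1", "dword:00000001") or v.startswith("1 ")


def triage(text):
    """Return the findings a helper would call out when reading this section of the log."""
    findings = []
    for key, name, value in parse_loading_points(text):
        k, n = key.lower(), name.lower()
        if k.endswith(r"\currentversion\run") and LOADER_RE.search(value):
            findings.append(Finding("run-loader", key, name,
                                    f"startup entry loads a DLL through a system loader: {value}"))
        elif k.endswith(r"\policies\system") and n == "enablelua" and is_zero(value):
            findings.append(Finding("uac-off", key, name, "User Account Control is disabled"))
        elif "firewallpolicy" in k and n == "enablefirewall" and is_zero(value):
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding("firewall-off", key, name,
                                    f"Windows Firewall is off for the {profile} profile"))
        elif "security center" in k and is_one(value) and (
                n.endswith("disablenotify") or n == "disablemonitoring"):
            findings.append(Finding("seccenter-muted", key, name,
                                    "Security Center alerting or monitoring is suppressed"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.name}: {f.detail}")
```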
  6. 2008/03/12
    keith 1000
    hi geri
    just one thing before i continue because i'm a little confused.
    as far as this script thing goes you say copy and drag to combo, when copying does that also actually include the word "registry:" or just the string??
    thanks
     
  7. 2008/03/12
    keith 1000
    hi geri.
    it's not so much that I'm impatient!! I just figured you wouldn't post something that wasn't supposed to be there, so I copied and dragged and scanned like you asked and it worked fine, so I must have done it right! So here is the new combo scan

    ComboFix 08-03-10.1 - Keith 2008-03-12 10:19:15.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.856 [GMT -4:00]
    Running from: C:\Users\Keith\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Keith\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
    .

    2008-03-11 23:18 . 2008-03-11 23:18 268 --ah----- C:\sqmdata07.sqm
    2008-03-11 23:18 . 2008-03-11 23:18 244 --ah----- C:\sqmnoopt07.sqm
    2008-03-11 22:34 . 2008-03-11 22:34 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-11 21:24 . 2008-03-11 21:24 268 --ah----- C:\sqmdata06.sqm
    2008-03-11 21:24 . 2008-03-11 21:24 244 --ah----- C:\sqmnoopt06.sqm
    2008-03-11 11:14 . 2008-03-11 11:14 268 --ah----- C:\sqmdata05.sqm
    2008-03-11 11:14 . 2008-03-11 11:14 244 --ah----- C:\sqmnoopt05.sqm
    2008-03-10 23:19 . 2008-03-10 23:19 268 --ah----- C:\sqmdata04.sqm
    2008-03-10 23:19 . 2008-03-10 23:19 244 --ah----- C:\sqmnoopt04.sqm
    2008-03-10 18:06 . 2008-03-10 18:06 268 --ah----- C:\sqmdata03.sqm
    2008-03-10 18:06 . 2008-03-10 18:06 244 --ah----- C:\sqmnoopt03.sqm
    2008-03-10 16:56 . 2008-03-10 16:56 268 --ah----- C:\sqmdata02.sqm
    2008-03-10 16:56 . 2008-03-10 16:56 244 --ah----- C:\sqmnoopt02.sqm
    2008-03-10 16:33 . 2008-03-10 16:33 92,064 --a------ C:\Users\Keith\mqdmmdm.sys
    2008-03-10 16:33 . 2008-03-10 16:33 79,328 --a------ C:\Users\Keith\mqdmserd.sys
    2008-03-10 16:33 . 2008-03-10 16:33 66,656 --a------ C:\Users\Keith\mqdmbus.sys
    2008-03-10 16:33 . 2008-03-10 16:33 9,232 --a------ C:\Users\Keith\mqdmmdfl.sys
    2008-03-10 16:33 . 2008-03-10 16:33 6,208 --a------ C:\Users\Keith\mqdmcmnt.sys
    2008-03-10 16:33 . 2008-03-10 16:33 5,936 --a------ C:\Users\Keith\mqdmwhnt.sys
    2008-03-10 16:33 . 2008-03-10 16:33 4,048 --a------ C:\Users\Keith\mqdmcr.sys
    2008-03-10 14:05 . 2008-03-10 16:37 <DIR> d-------- C:\Program Files\Motorola Phone Tools
    2008-03-10 14:05 . 2005-11-24 17:02 24,192 --------- C:\Windows\System32\drivers\USBSER.SYS
    2008-03-10 14:03 . 2008-03-10 16:33 25,600 --a------ C:\Users\Keith\usbsermptxp.sys
    2008-03-10 14:03 . 2008-03-10 16:33 22,768 --a------ C:\Users\Keith\usbsermpt.sys
    2008-03-10 13:59 . 2008-03-10 13:59 <DIR> d-------- C:\Users\Keith\AppData\Roaming\InstallShield
    2008-03-10 13:59 . 2008-03-10 13:59 <DIR> d-------- C:\Users\All Users\Avanquest Software
    2008-03-10 13:59 . 2008-03-10 13:59 <DIR> d-------- C:\ProgramData\Avanquest Software
    2008-03-09 23:38 . 2008-03-09 23:38 268 --ah----- C:\sqmdata01.sqm
    2008-03-09 23:38 . 2008-03-09 23:38 244 --ah----- C:\sqmnoopt01.sqm
    2008-03-09 23:35 . 2008-03-09 23:35 268 --ah----- C:\sqmdata00.sqm
    2008-03-09 23:35 . 2008-03-09 23:35 244 --ah----- C:\sqmnoopt00.sqm
    2008-03-07 18:03 . 2008-03-10 13:59 <DIR> d-------- C:\Program Files\LiveUpdate
    2008-03-07 18:02 . 2008-03-10 14:05 <DIR> d-------- C:\Program Files\mobile PhoneTools
    2008-03-07 17:35 . 2008-03-11 11:15 <DIR> d-------- C:\Program Files\Venturi2
    2008-03-07 14:01 . 2008-03-07 14:01 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
    2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
    2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
    2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
    2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
    2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
    2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
    2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
    2008-03-07 13:38 . 2008-03-10 14:07 <DIR> d-------- C:\Users\All Users\BVRP Software
    2008-03-07 13:38 . 2008-03-10 14:07 <DIR> d-------- C:\ProgramData\BVRP Software
    2008-03-06 19:39 . 2008-03-06 19:40 <DIR> d-------- C:\Users\All Users\Adobe
    2008-03-06 19:39 . 2008-03-06 19:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-03-06 17:32 . 2008-03-06 17:33 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
    2008-03-05 00:45 . 2008-03-05 00:45 <DIR> d-------- C:\Users\Keith\AppData\Roaming\AdobeUM
    2008-03-04 23:47 . 2008-03-04 23:47 <DIR> d--h----- C:\Users\Keith\AppData\Roaming\IFViewer
    2008-02-27 19:09 . 2008-02-27 19:09 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
    2008-02-23 11:01 . 2008-02-23 11:01 <DIR> d-------- C:\Users\Keith\AppData\Roaming\Printer Info Cache
    2008-02-23 11:01 . 2008-02-23 11:02 <DIR> d-------- C:\Users\Keith\AppData\Roaming\Image Zone Express
    2008-02-22 23:27 . 2008-02-22 23:27 <DIR> d-------- C:\Users\All Users\Pure Networks
    2008-02-22 23:27 . 2008-02-22 23:27 <DIR> d-------- C:\ProgramData\Pure Networks
    2008-02-22 23:27 . 2008-01-08 18:16 24,888 --a------ C:\Windows\System32\drivers\pnarp.sys
    2008-02-19 14:24 . 2008-02-19 14:27 <DIR> d-------- C:\Program Files\Windows Live
    2008-02-19 14:24 . 2008-02-19 14:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-16 18:32 . 2008-02-19 14:24 <DIR> d-------- C:\Users\All Users\WLInstaller
    2008-02-16 18:32 . 2008-02-19 14:24 <DIR> d-------- C:\ProgramData\WLInstaller
    2008-02-16 03:03 . 2008-01-10 01:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-15 17:13 . 2008-02-15 17:13 <DIR> d-------- C:\Program Files\Pure Networks
    2008-02-15 17:13 . 2008-02-22 23:27 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
    2008-02-13 23:46 . 2008-02-13 23:46 0 --a------ C:\Users\Keith\AppData\Roaming\wklnhst.dat
    2008-02-13 04:07 . 2008-02-13 04:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-13 04:07 . 2008-02-13 04:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-13 04:04 . 2008-02-13 04:04 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 04:03 . 2008-02-13 04:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 04:03 . 2008-02-13 04:03 1,686,528 --a------ C:\Windows\System32\gameux.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-12 14:18 --------- d-----w C:\Users\Keith\AppData\Roaming\DNA
    2008-03-12 14:15 --------- d-----w C:\ProgramData\Symantec
    2008-03-11 15:14 --------- d-----w C:\Users\Keith\AppData\Roaming\BitTorrent
    2008-03-11 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-11 00:02 --------- d-----w C:\Program Files\Norton Internet Security
    2008-03-11 00:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-13 08:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 08:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 08:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-13 08:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-13 08:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-13 08:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 08:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 08:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-13 08:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 08:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 08:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 08:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 08:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 08:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 08:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 08:01 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-13 08:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 08:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 08:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 03:16 --------- d-----w C:\Users\Keith\AppData\Roaming\HP
    2008-02-09 06:20 --------- d-----w C:\Program Files\PacificPoker4
    2008-02-06 00:53 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-05 13:32 --------- d-----w C:\ProgramData\WEBREG
    2008-02-05 13:31 --------- d-----w C:\Program Files\HP
    2008-02-05 13:31 --------- d-----w C:\Program Files\Common Files\HP
    2008-02-05 13:30 --------- d-----w C:\ProgramData\HP
    2008-02-05 13:29 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-05 13:29 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-02-05 13:23 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-02-05 12:59 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2008-02-05 12:58 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-02-05 12:58 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-02-05 08:31 174 --sha-w C:\Program Files\desktop.ini
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Sidebar
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Mail
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Defender
    2008-02-05 08:27 --------- d-----w C:\Program Files\Windows Calendar
    2008-02-05 08:15 87,040 ----a-w C:\Windows\System32\msoert2.dll
    2008-02-05 08:13 49,664 ----a-w C:\Windows\System32\csrsrv.dll
    2008-02-05 08:13 376,320 ----a-w C:\Windows\System32\winsrv.dll
    2008-02-05 08:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-02-05 08:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-02-05 08:11 414,208 ----a-w C:\Windows\System32\msscp.dll
    2008-02-05 08:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-02-05 08:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-02-05 08:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
    2008-02-05 08:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
    2008-02-05 08:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
    2008-02-05 08:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    2008-02-05 08:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
    2008-02-05 08:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
    2008-02-05 08:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
    2008-02-05 08:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
    2008-02-05 08:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
    2008-02-05 08:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-02-05 08:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-02-05 08:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2008-02-05 08:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-02-05 08:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-02-05 08:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-02-05 08:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-02-05 08:08 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2008-02-05 08:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-02-05 08:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-02-05 08:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-02-05 08:06 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
    2008-02-05 08:06 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
    2008-02-05 08:06 39,936 ----a-w C:\Windows\System32\slcinst.dll
    2008-02-05 08:06 351,232 ----a-w C:\Windows\System32\SLUI.exe
    2008-02-05 08:06 33,280 ----a-w C:\Windows\System32\slwmi.dll
    2008-02-05 08:06 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
    2008-02-05 08:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-02-05 08:06 223,232 ----a-w C:\Windows\System32\SLC.dll
    2008-02-05 08:06 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
    2008-02-05 08:06 186,368 ----a-w C:\Windows\System32\SLLUA.exe
    2008-02-05 08:05 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-02-05 08:03 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-02-05 08:03 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-02-05 08:03 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-02-05 08:01 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-02-05 08:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-02-05 08:01 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-02-05 08:01 5,120 ----a-w C:\Windows\System32\wmi.dll
    2008-02-05 08:01 152,576 ----a-w C:\Windows\System32\imagehlp.dll
    2008-02-05 08:01 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-02-05 08:01 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
    2008-02-05 08:01 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-02-05 08:01 --------- d-----w C:\Program Files\MSXML 4.0
    2008-02-05 08:00 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-02-05 08:00 633,856 ----a-w C:\Windows\System32\user32.dll
    2008-02-05 03:57 --------- d-----w C:\ProgramData\IM
    2008-02-05 03:56 --------- d-----w C:\ProgramData\IncrediMail
    2008-02-05 03:56 --------- d-----w C:\Program Files\IncrediMail
    2008-02-05 03:46 --------- d-----w C:\Program Files\CONEXANT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-11_22.57.24.63 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-12 02:25:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-12 14:14:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-12 02:25:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-12 14:14:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-12 02:25:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-12 14:14:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-05 04:03 1232896]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-04 17:41 286528]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-29 12:31 243072]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-05 04:12 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 07:04 4423680 C:\Windows\RtHDVCpl.exe]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 00:44 107112]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 00:42 22696]
    "Acer Tour"="" []
    "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 13:27 319488]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 03:04 464168]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 21:39 151552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 18:20 451896]
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 11:32 451896]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 21:39 151552]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-16 21:09:28 528384]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
    PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-16 21:13:50 200812]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{ED1E9675-5C5C-4552-8979-8FFBD704C996}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C5A6A6A0-D297-4AA6-9383-21A16C3F9929}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C0B04953-9D63-4886-9FEE-B20972592777}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live|Desc=Acer Arcade Live
    "{64C52DD3-2977-4C34-BDA1-8FD96179DF00}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess|Desc=SlideShow DVD workprocess
    "{F42A10AE-D383-4A78-9E05-64BBC84376C5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess|Desc=DV Magician ARA workprocess
    "{A0E22BD1-9D17-41A4-BF50-419B503C50D0}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess|Desc=DV Magician AVAX workprocess
    "{E59634F8-1C07-40AC-84E1-E301FBC238EE}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine|Desc=DVDivine
    "{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
    "{5F06C73B-3B46-4ED5-983C-2880071833B2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect|Desc=HomeMedia Connect
    "{1955E669-BE1F-4C13-B854-FB32F2900974}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service|Desc=HomeMedia Connect Service
    "{A8757501-B402-4C19-AD10-EA4697A9512B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician
    "{7D22F66D-1535-4267-9860-0C6283CB2451}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{FBFD54D0-583C-4E21-B8DA-2AF5D5A4646B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{0156ACB8-CB92-427A-A2E3-EEE4323F76FC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{C5CBA1EE-00AB-4DAA-A84B-85958EE6B63D}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{71AD1686-FD47-4777-87C2-784CB44B349D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{6F4E3120-5DF8-48B0-90FC-C53005B2DD07}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{00CF96FB-95C9-4E19-A7CC-A1BEA6B0147B}"= TCP:67:DHCP Discovery Service
    "{091DF7AF-E088-438F-B104-027292898187}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "TCP Query User{8794DB6A-CE32-4587-B9B5-75CE7FCB1968}C:\users\keith\program files\dna\btdna.exe"= UDP:C:\users\keith\program files\dna\btdna.exe:btdna.exe|Desc=btdna.exe
    "UDP Query User{1831AD0F-7D06-4ADC-ABB2-63EA5789F59B}C:\users\keith\program files\dna\btdna.exe"= TCP:C:\users\keith\program files\dna\btdna.exe:btdna.exe|Desc=btdna.exe
    "{31AEA0A8-9B0D-4EC2-A6DB-32C334C0FC4E}"= TCP:67:DHCP Discovery Service
    "{46757BAC-F066-447A-A49D-D729043932CA}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{F2D3FB4B-27D2-4424-ACAE-195538718EE4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{5719522D-8764-4C01-AAEF-9B686C266E7A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{A480228A-75FD-45CB-AA27-B468DCCBA670}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{DCEBA9F4-1D34-4F4D-9170-609442D108D4}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{9089DD46-E498-463E-9ABB-135403766743}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{23C5544C-1598-4430-B7A8-6DB4B615D584}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{D436F3E8-9132-45E2-B664-637B83A27911}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{DAE6EBBB-8158-4C4D-9B2E-CABA3C8AACCD}"= UDP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
    "{FF73342A-1174-4F63-867A-3FDFADD6BE8A}"= TCP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 23:22]
    R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 18:43]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 03:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 03:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 03:04]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 12:18]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 21:54]
    R2 eDataSecurity Service;eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 03:04]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 03:07]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
    R3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 03:41]
    R3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 03:41]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47021ef5-d34d-11dc-90e0-806e6f6e6963}]
    \shell\AutoRun\command - F:\setup.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-08 18:22:40 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Keith.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-12 10:20:34
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-12 10:21:24
    ComboFix-quarantined-files.txt 2008-03-12 14:21:21
    ComboFix2.txt 2008-03-12 02:57:45
    .
    2008-03-09 04:15:31 --- E O F ---


    I'll send off the HJT and online scan in a few minutes.
    Keith
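The loading points in the ComboFix log above show several protections switched off (UAC via EnableLUA=0, the Security Center alerts and monitoring, and all three Windows Firewall profiles) plus an AutoRun command registered under MountPoints2 for a removable drive. The following is an added example, not part of this thread and not ComboFix's own code, that parses such a "Reg Loading Points" section and reports those weakened settings. SAMPLE_LOG is excerpted from the log above; the severity labels and message wording are the example's own choices.

```python
"""Flag weakened security settings in the 'Reg Loading Points' section of a
ComboFix log. Added example for this thread; it is not ComboFix's own code.
SAMPLE_LOG is excerpted from the log posted above."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47021ef5-d34d-11dc-90e0-806e6f6e6963}]
\shell\AutoRun\command - F:\setup.exe
"""

# "Name"= value   (forum copies sometimes render it as "Name "= value; strip() absorbs that)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')
DECIMAL_RE = re.compile(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$')
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)


@dataclass
class Finding:
    severity: str
    message: str


def parse_value(raw: str):
    """Turn ComboFix's two numeric spellings into int; anything else stays a string."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group(1))
    return raw


def audit(text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = None  # registry key of the current [section], lower-cased
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        if key is None:
            continue
        tail = key.rsplit("\\", 1)[-1]  # last path component of the key

        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            findings.append(Finding("high", f"AutoRun command on mount point {tail}: {m.group('cmd')}"))
            continue

        m = VALUE_RE.match(line)
        if not m:
            continue
        name = m.group("name").strip()
        value = parse_value(m.group("value"))

        if key.endswith(r"policies\system") and name == "EnableLUA" and value == 0:
            findings.append(Finding("high", "UAC disabled (EnableLUA=0)"))
        elif "security center" in key and name.endswith("DisableNotify") and value == 1:
            findings.append(Finding("medium", f"Security Center alert suppressed: {name}"))
        elif "security center" in key and name == "DisableMonitoring" and value == 1:
            findings.append(Finding("medium", f"Security Center monitoring disabled: {tail}"))
        elif "firewallpolicy" in key and name == "EnableFirewall" and value == 0:
            findings.append(Finding("high", f"Windows Firewall disabled for profile {tail}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity}] {f.message}")
```

Two caveats when reading the output: the per-vendor DisableMonitoring keys (SymantecAntiVirus, SymantecFirewall) are normally written by a third-party suite that takes over the Security Center's monitoring, so on their own they are context rather than proof of tampering; EnableLUA=0, however, means every program the user launches on Vista runs with the full administrator token, so whatever the outcome of the cleanup, that setting should be turned back on.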
     
  8. 2008/03/12
    keith 1000

    Hi!
    Here is the new HJT scan, and I will follow up with the online scan afterwards; it may take a while for it to finish.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:27:05 AM, on 12/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\IncrediMail\bin\ImNotfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9519 bytes

    Thanks, Keith
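A removal helper reads a HijackThis log section by section. As an added example (not HijackThis code and not from this thread), here is a small parser for the O2, O16 and O23 lines of the log above that flags the entries usually checked first: a BHO registered with no name, ActiveX controls that were pulled in from a download site, and services whose binary carries no company name. SAMPLE_HJT is excerpted from the log above; the flag reasons are the example's own wording, and the fact that an entry is flagged does not by itself mean it is malicious.

```python
"""Triage a HijackThis 2.x log: parse the O2 (BHO), O16 (downloaded ActiveX)
and O23 (service) entries and flag the ones a removal helper checks first.
Added example for this thread, not HijackThis code; SAMPLE_HJT is excerpted
from the log posted above."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_HJT = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Registry-style CLSID: {8-4-4-4-12 hex digits}
CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
PATTERNS = {
    "O2": re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.+)$"),
    "O16": re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID}) \((?P<name>.*?)\) - (?P<url>\S+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$"),
}


@dataclass
class Entry:
    section: str
    fields: dict


@dataclass
class Hit:
    section: str
    subject: str
    reason: str


def parse_entries(text: str) -> list[Entry]:
    """Return every O2/O16/O23 line as an Entry; other sections are ignored."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        for section, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                entries.append(Entry(section, m.groupdict()))
                break
    return entries


def triage(text: str) -> list[Hit]:
    """Apply the first-pass rules a helper uses; a Hit means 'look closer', not 'malware'."""
    hits: list[Hit] = []
    for e in parse_entries(text):
        f = e.fields
        if e.section == "O2" and f["name"] == "(no name)":
            hits.append(Hit("O2", f["path"], "BHO registered without a name; identify the DLL before keeping it"))
        elif e.section == "O16":
            host = urlparse(f["url"]).hostname or "?"
            hits.append(Hit("O16", f["clsid"], f"ActiveX control downloaded from {host}; remove unless the site is trusted"))
        elif e.section == "O23" and f["owner"] == "Unknown owner":
            hits.append(Hit("O23", f["path"], "service binary carries no company name; verify its signature"))
    return hits


if __name__ == "__main__":
    for h in triage(SAMPLE_HJT):
        print(f"{h.section} {h.subject}: {h.reason}")
```

The O16 rule is deliberately blunt: HijackThis lists every downloaded ActiveX control, and the usual advice is to let IE fetch again any control a trusted site genuinely needs rather than keep an old .cab installed, which is why the hit names the download host rather than trying to judge it.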
     
  9. 2008/03/12
    keith 1000

    Wow, I really took it in the **** with the online scan, LOL :mad:
    Well, that's everything you have asked for: 1. combo scan, 2. HJT scan, 3. the online scan. I hope to hear from you soon.
    Here is the scan.
    Thanks, Keith
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, March 12, 2008 1:07:55 PM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 12/03/2008
    Kaspersky Anti-Virus database records: 625824
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    K:\
    L:\

    Scan Statistics:
    Total number of scanned objects: 117518
    Number of viruses found: 5
    Number of infected objects: 14
    Number of suspicious objects: 1
    Duration of the scan process: 01:16:17

    Infected Object Name / Virus Name / Last Action
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\ProgramData\CyberLink\DigitalHome\HomeMedia Connect\MediaServer.db Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.37.Crwl Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.37.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010028.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010030.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010045.ci Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010045.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010045.wsb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy39.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf31A4.tmp Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf31B4.tmp Object is locked skipped
    C:\ProgramData\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped
    C:\ProgramData\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped
    C:\ProgramData\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
    C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
    C:\ProgramData\Symantec\LiveUpdate\2008-03-12_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtETmp\3BFBE843.TMP Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtETmp\96DDACFD.TMP Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtETmp\E561FD3B.TMP Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
    C:\QooBox\Quarantine\C\Program Files\Helper\1202163755.dll.vir Infected: not-a-virus:AdWare.Win32.E404.a skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031220080313\index.dat Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\UsrClass.dat{6a221052-d341-11dc-a011-001c255116dd}.TM.blf Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\UsrClass.dat{6a221052-d341-11dc-a011-001c255116dd}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows\UsrClass.dat{6a221052-d341-11dc-a011-001c255116dd}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\Keith\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
    C:\Users\Keith\AppData\Local\PowerCinema\Trace.log Object is locked skipped
    C:\Users\Keith\AppData\Local\Temp\~DFD32E.tmp Object is locked skipped
    C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\Keith\NTUSER.DAT Object is locked skipped
    C:\Users\Keith\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\Keith\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\Keith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Users\Keith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Keith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\Keith\Paragon Partition Manager Professional 9.0 + Recovery CD Image Pro 9\fo-pm9c.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.E404.m skipped
    C:\Users\Keith\Paragon Partition Manager Professional 9.0 + Recovery CD Image Pro 9\fo-pm9c.exe EmbeddedEXE: infected - 1 skipped
    C:\Users\Keith\Paragon Partition Manager Professional 9.0 + Recovery CD Image Pro 9\fo-pm9p.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.E404.m skipped
    C:\Users\Keith\Paragon Partition Manager Professional 9.0 + Recovery CD Image Pro 9\fo-pm9p.exe EmbeddedEXE: infected - 1 skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\sam.log Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\config\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
    C:\Windows\System32\config\DEFAULT Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
    C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
    C:\Windows\System32\config\RegBack\SAM Object is locked skipped
    C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
    C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SAM Object is locked skipped
    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
    C:\Windows\System32\config\SECURITY Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
    C:\Windows\System32\config\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Windows\System32\config\systemprofile\AppData\Local\PowerCinema\Trace.log Object is locked skipped
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
    C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\Temp\CLDigitalHome\CLMS_AGENT_LOG1.txt Object is locked skipped
    C:\Windows\Temp\CLDigitalHome\PCMMediaServer.log Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped
    D:\Program Files\Windows Media Player\WMPSkin.exe/0 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
    D:\Program Files\Windows Media Player\WMPSkin.exe/1 Suspicious: Worm.Win32.AutoIt.r skipped
    D:\Program Files\Windows Media Player\WMPSkin.exe QuickBatch: infected - 1, suspicious - 1 skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\Users\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    D:\WINDOWS\system32\sfr.exe/2 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
    D:\WINDOWS\system32\sfr.exe QuickBatch: infected - 1 skipped
    E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    E:\downloads\PARTITION_MAGIC_8.ISO ISOimage: infected - 4 skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
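    As an added example (not part of the posted log and not the forum's own advice), the Python script below triages a Kaspersky Online Scanner report of the kind pasted above. It discards the "Object is locked" entries (registry hives, event logs, the search index and other files that are merely open, not infected), maps each hit inside a container back to the file that actually exists on disk (everything before the first "/"; Windows paths never contain one), treats Kaspersky's "not-a-virus:" verdicts as riskware/adware rather than malware, and cross-checks the "infected - N" totals the scanner prints per container against the individual lines. The sample report is a subset of lines copied from the log above; the function names (parse_report, triage, check_totals) and the malware/suspicious/pua ranking are my own assumptions, not anything the scanner defines.

```python
"""Triage a Kaspersky Online Scanner report: drop "Object is locked" noise, map
in-container hits back to the file on disk, and separate riskware from malware."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the report posted above. Each line is a
# Windows path, an optional "/"-separated path inside a container, the verdict,
# and "skipped" (the online scanner only reports; it does not disinfect).
SAMPLE_REPORT = r"""
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Helper\1202163755.dll.vir Infected: not-a-virus:AdWare.Win32.E404.a skipped
C:\Users\Keith\Paragon Partition Manager Professional 9.0 + Recovery CD Image Pro 9\fo-pm9c.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.E404.m skipped
C:\Users\Keith\Paragon Partition Manager Professional 9.0 + Recovery CD Image Pro 9\fo-pm9c.exe EmbeddedEXE: infected - 1 skipped
D:\Program Files\Windows Media Player\WMPSkin.exe/0 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
D:\Program Files\Windows Media Player\WMPSkin.exe/1 Suspicious: Worm.Win32.AutoIt.r skipped
D:\Program Files\Windows Media Player\WMPSkin.exe QuickBatch: infected - 1, suspicious - 1 skipped
E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
E:\downloads\PARTITION_MAGIC_8.ISO ISOimage: infected - 4 skipped
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|(?P<kind>Infected|Suspicious): (?P<name>\S+)"
    r"|(?P<container>\w+): (?P<counts>(?:infected|suspicious) - \d+(?:, (?:infected|suspicious) - \d+)*)"
    r") skipped$"
)

@dataclass(frozen=True)
class Detection:
    on_disk: str  # outermost file that really exists on the volume
    inner: str    # path inside that container ("" for a plain file)
    kind: str     # "Infected" (signature hit) or "Suspicious" (heuristic)
    name: str     # verdict; "not-a-virus:" prefix = riskware/adware, not malware
    pua: bool

    def full(self):
        return self.on_disk + ("/" + self.inner if self.inner else "")

def parse_report(text):
    """Return (detections, locked_paths, per-container totals)."""
    detections, locked, totals = [], [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or scanner banner text
        if m["locked"]:
            locked.append(m["path"])
        elif m["kind"]:
            # Windows paths never contain "/", so the first "/" starts the inner path.
            on_disk, _, inner = m["path"].partition("/")
            pua = m["name"].startswith("not-a-virus:")
            detections.append(Detection(on_disk, inner, m["kind"], m["name"], pua))
        else:  # e.g. "QuickBatch: infected - 1, suspicious - 1"
            totals[m["path"]] = {k: int(v) for k, v in
                                 re.findall(r"(infected|suspicious) - (\d+)", m["counts"])}
    return detections, locked, totals

def triage(text):
    """Group hits by the file you would actually delete and rank each file (my own ranking)."""
    by_file = defaultdict(list)
    for d in parse_report(text)[0]:
        by_file[d.on_disk].append(d)
    ranked = {}
    for path, hits in by_file.items():
        if any(h.kind == "Infected" and not h.pua for h in hits):
            severity = "malware"
        elif any(h.kind == "Suspicious" and not h.pua for h in hits):
            severity = "suspicious"
        else:
            severity = "pua"
        ranked[path] = (severity, hits)
    return ranked

def check_totals(text):
    """Cross-check each container's reported totals against the parsed lines."""
    detections, _, totals = parse_report(text)
    mismatches = []
    for path, expected in totals.items():
        inside = [d for d in detections if d.full().startswith(path + "/")]
        got = {"infected": sum(d.kind == "Infected" for d in inside),
               "suspicious": sum(d.kind == "Suspicious" for d in inside)}
        mismatches += [(path, k, n, got[k]) for k, n in expected.items() if got[k] != n]
    return mismatches

if __name__ == "__main__":
    for path, (severity, hits) in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{severity:10} {path}")
        for h in hits:
            print(f"{'':10}   {h.kind}: {h.name} ({h.inner or 'whole file'})")
    print("locked/skipped:", len(parse_report(SAMPLE_REPORT)[1]),
          "total mismatches:", check_totals(SAMPLE_REPORT))
```

    Running it on the sample gives four on-disk files to act on (the quarantined .dll.vir, fo-pm9c.exe, WMPSkin.exe and the Partition Magic ISO) and two locked objects that need no action. Note that the nested hits inside the ISO all collapse to the single ISO file, which is the one thing you can actually delete; WMPSkin.exe ranks above the adware hits because its second entry is a heuristic worm verdict rather than a "not-a-virus:" riskware class.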
     
  10. 2008/03/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi keith 1000

    Click Start > Run; in the Run box copy and paste (or type) ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.

    OK, you need to delete these.

    C:\Users\Keith\Paragon Partition Manager Professional 9.0 + Recovery CD Image Pro 9\fo-pm9c.exe
    I'm guessing you got this off BitTorrent along with the infection.

    D:\Program Files\Windows Media Player\WMPSkin.exe
    D:\WINDOWS\system32\sfr.exe
    These also take me to torrentbox, also infected.

    E:\downloads\PARTITION_MAGIC_8.ISO/keyfinder.exe
    Which also takes me to BitTorrent, and then again infected.

    I don't wish to be rude, but I warned you last time about P2P file sharing.
    Unless you stop, "I as in me myself" will no longer clean your system.
    It is a waste of my time; I could be helping others who don't purposely use programs that "will" infect themselves.

    It is your choice to use P2P, it is my choice not to waste my time.

    Surf Safely
    Geri
     