
Computer infected by unknown trojan

Discussion in 'Malware and Virus Removal Archive' started by Chris Woodward, 2008/03/25.

  1. 2008/03/25
    Chris Woodward

    Chris Woodward Inactive Thread Starter

    Joined:
    2008/03/25
    Messages:
    14
    Likes Received:
    0
    Please Help.

    I’m having the same issue as the person here, not sure how the spyware got on my pc: http://www.windowsbbs.com/showthread.php?t=71640

    Also, if you see any junk programs I should get rid of please let me know.

    I downloaded Combo Fix and got the following log:

    Code:
    ComboFix 08-03-24.2 - Owner 2008-03-25 10:16:53.1 - NTFSx86
    Running from: C:\Users\Owner\Desktop\ComboFix.exe
    .
    	/wow section - STAGE 41
    pv: No matching processes found
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    CF10383.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25  "C:\Program Files\*" >progfile.dat "
    VFind.exe  -ltf -s-1000000 -d+2007-12-25  "C:\Program Files\* "
    CF10383.exe /c cscript.exe //nologo //b //t:10 localdrive.vbs
    cscript.exe  //nologo //b //t:10 localdrive.vbs
    CF10383.exe /c cscript.exe //nologo SvcDrv.vbs
    cscript.exe  //nologo SvcDrv.vbs
    CF10383.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot "
    pv  -d10000 * -t -l
    0
    \SystemRoot\System32\smss.exe
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    C:\Windows\System32\svchost.exe -k swprv
     "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe "
     "C:\Program Files\Common Files\Steam\SteamService.exe" /RunAsService
     "C:\Program Files\iPod\bin\iPodService.exe "
     "C:\Program Files\Windows Media Player\wmpnetwk.exe "
     "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\lxcfcoms.exe -service
     "c:\Program Files\Common Files\LightScribe\LSSrvc.exe "
     "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "
     "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    --standalone
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
     "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe "
     "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
     "c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe "
     "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    taskeng.exe {E705A7D8-CDE3-4523-ABB1-9464545F756A}
    taskeng.exe {0B52182A-EF0E-4590-9B08-5D871DE8A393}
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     "C:\Windows\system32\Dwm.exe "
     "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-51bbc349-501e-40a4-8e16-905d0f3515a2 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e7781ecc-46cc-469d-917d-6b2a30093b5f -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-00c5c3db-f01e-4eff-85b3-b56a221fdf17 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7aa14f7b-d346-4440-86b9-78bab369940b
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe -Embedding
    C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe
     "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     "C:\hp\support\hpsysdrv.exe "
     "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe "
     "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe "
     "C:\Windows\RtHDVCpl.exe "
     "C:\Windows\System32\jureg.exe "
    C:\Windows\system32\schtasks.exe /create /tn  "JavaUpdateOwner" /tr C:\Windows\System32\jusched.exe /sc daily
     "C:\Program Files\HP\HP Software Update\hpwuSchd2.exe "
     "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
     "C:\Program Files\Windows Media Player\wmpnscfg.exe "
     "C:\Program Files\iTunes\iTunesHelper.exe "
     "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     "C:\Program Files\Steam\Steam.exe" -silent
     "C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe "
     "C:\Program Files\Mozilla Firefox\firefox.exe "
    Findstr  -MIF:/  "\\TTC\.pdb InsertAdvertisement "
    GREP  -i  "C:\\Program Files\\[^\\]*\\[^\\]*$ "
    VFind  -tf -s282624  "C:\Program Files\????????*[0-9].dll "
    CF10383.exe /c cscript.exe //nologo //b //t:10 localdrive.vbs
    cscript.exe  //nologo //b //t:10 localdrive.vbs
    CF10383.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot "
    pv  -d30000 * -t -l
    
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    C:\Windows\system32\jusched.exe
    
    .
    (((((((((((((((((((((((((   Files Created from 2008-02-25 to 2008-03-25  )))))))))))))))))))))))))))))))
    .
    
    2008-03-25 09:55 . 2008-03-25 09:54	102,664	--a------	C:\Windows\System32\drivers\tmcomm.sys
    2008-03-25 09:54 . 2008-03-25 09:56	<DIR>	d--------	C:\Users\Owner\.housecall6.6
    2008-03-25 09:30 . 2008-03-25 09:30	212,480	--a------	C:\Windows\dsaip32b.dll
    2008-03-25 09:30 . 2008-03-25 09:30	52	--a------	C:\xmp.bat
    2008-03-25 01:42 . 2008-03-25 01:42	186,463,486	--a------	C:\Windows\MEMORY.DMP
    2008-03-22 23:03 . 2008-03-22 23:03	<DIR>	d--------	C:\Users\Owner\AppData\Roaming\Amazon
    2008-03-22 22:35 . 2008-03-22 22:35	<DIR>	d--------	C:\Windows\5E2B1ED07B714015929EE3651CF3F5EF.TMP
    2008-03-22 21:55 . 2008-03-22 21:55	<DIR>	d--------	C:\Program Files\ZTekWare
    2008-03-22 21:53 . 2008-03-22 21:53	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-19 09:44 . 2007-03-12 16:42	3,495,784	--a------	C:\Windows\System32\d3dx9_33.dll
    2008-03-19 09:44 . 2006-11-29 13:06	3,426,072	--a------	C:\Windows\System32\d3dx9_32.dll
    2008-03-19 09:44 . 2007-03-12 16:42	1,123,696	--a------	C:\Windows\System32\D3DCompiler_33.dll
    2008-03-19 09:44 . 2007-03-15 16:57	443,752	--a------	C:\Windows\System32\d3dx10_33.dll
    2008-03-19 09:44 . 2006-11-29 13:06	440,080	--a------	C:\Windows\System32\d3dx10.dll
    2008-03-19 09:44 . 2007-04-04 18:55	261,480	--a------	C:\Windows\System32\xactengine2_7.dll
    2008-03-19 09:44 . 2007-01-24 15:27	255,848	--a------	C:\Windows\System32\xactengine2_6.dll
    2008-03-19 09:44 . 2006-12-08 12:02	251,672	--a------	C:\Windows\System32\xactengine2_5.dll
    2008-03-19 09:44 . 2007-04-04 18:53	81,768	--a------	C:\Windows\System32\xinput1_3.dll
    2008-03-19 09:41 . 2008-03-25 00:09	<DIR>	d--------	C:\Program Files\Savage 2 - A Tortured Soul
    2008-03-19 06:30 . 2008-03-19 06:30	<DIR>	d--------	C:\Windows\Sun
    2008-03-17 22:19 . 2008-03-17 22:20	<DIR>	d--------	C:\Program Files\DeductionPro 2007
    2008-03-17 21:50 . 2008-03-17 21:50	<DIR>	d--------	C:\Users\All Users\pdf995
    2008-03-17 21:50 . 2008-03-17 21:50	<DIR>	d--------	C:\ProgramData\pdf995
    2008-03-17 21:50 . 2008-03-17 21:50	249,856	--a------	C:\Windows\System32\pdfmona.dll
    2008-03-17 21:50 . 2008-03-17 21:50	51,716	--a------	C:\Windows\System32\pdf995mon.dll
    2008-03-17 21:50 . 2007-08-24 11:13	142	--a------	C:\Windows\wpd99.drv
    2008-03-17 21:49 . 2008-03-17 21:49	<DIR>	d--------	C:\Users\Owner\AppData\Roaming\TaxCut
    2008-03-17 21:48 . 2008-03-17 21:49	<DIR>	d--------	C:\Program Files\TaxCut07
    2008-03-17 21:48 . 2008-03-17 21:50	<DIR>	d--------	C:\Program Files\PDF995
    2008-03-17 21:46 . 2008-03-17 21:46	<DIR>	d--------	C:\Users\All Users\TaxCut
    2008-03-17 21:46 . 2008-03-17 21:46	<DIR>	d--------	C:\ProgramData\TaxCut
    2008-03-17 21:45 . 2008-03-17 21:45	<DIR>	d--hs----	C:\Windows\ftpcache
    2008-03-16 13:00 . 2008-03-16 13:00	<DIR>	d--------	C:\Program Files\Netflix
    2008-03-16 01:37 . 2007-11-14 15:18	553	--a------	C:\Windows\USetup.iss
    2008-03-16 01:35 . 2008-01-15 11:26	4,874,240	--a------	C:\Windows\RtHDVCpl.exe
    2008-03-16 01:35 . 2008-01-07 19:30	2,156,544	--a------	C:\Windows\System32\RtkAPO.dll
    2008-03-16 01:35 . 2008-01-15 19:19	2,047,576	--a------	C:\Windows\System32\drivers\RTKVHDA.sys
    2008-03-16 01:35 . 2007-11-07 17:31	1,191,936	--a------	C:\Windows\RtlUpd.exe
    2008-03-16 01:35 . 2008-01-09 18:52	636,416	--a------	C:\Windows\System32\RtkPgExt.dll
    2008-03-16 01:35 . 2007-11-13 12:35	532,480	--a------	C:\Windows\System32\RTSndMgr.cpl
    2008-03-16 01:35 . 2008-01-14 16:18	29,696	--a------	C:\Windows\System32\RtkCoInst.dll
    2008-03-12 00:58 . 2007-12-16 18:50	1,060,920	--a------	C:\Windows\System32\drivers\ntfs.sys
    2008-03-12 00:58 . 2007-12-16 05:56	41,984	--a------	C:\Windows\System32\drivers\monitor.sys
    2008-03-10 00:16 . 2008-03-10 00:17	<DIR>	d--------	C:\Program Files\Common Files\Adobe
    2008-03-02 18:54 . 2008-03-02 18:54	<DIR>	d--------	C:\Tmp
    2008-03-02 18:53 . 2008-03-02 18:53	<DIR>	d--------	C:\Program Files\Taksi
    2008-03-02 16:24 . 2008-03-02 17:11	<DIR>	d-a------	C:\Users\All Users\TEMP
    2008-03-02 16:24 . 2008-03-02 17:11	<DIR>	d-a------	C:\ProgramData\TEMP
    2008-03-02 16:24 . 2008-03-02 16:30	<DIR>	d--------	C:\Fraps
    2008-03-02 15:43 . 2008-03-25 09:45	<DIR>	d--------	C:\Users\Owner\AppData\Roaming\AVG7
    2008-03-02 15:40 . 2008-03-02 15:40	9,216	--a------	C:\Windows\System32\avgwlntf.dll
    2008-03-02 15:39 . 2008-03-02 15:39	<DIR>	d--------	C:\Users\All Users\Grisoft
    2008-03-02 15:39 . 2008-03-25 09:32	<DIR>	d--------	C:\Users\All Users\avg7
    2008-03-02 15:39 . 2008-03-02 15:39	<DIR>	d--------	C:\ProgramData\Grisoft
    2008-03-02 15:39 . 2008-03-25 09:32	<DIR>	d--------	C:\ProgramData\avg7
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-25 10:21	---------	d-----w	C:\Program Files\Steam
    2008-03-25 01:56	---------	d-----w	C:\ProgramData\Symantec
    2008-03-23 02:02	---------	d-----w	C:\Program Files\Lx_cats
    2008-03-21 03:51	---------	d-----w	C:\Program Files\America's Army
    2008-03-18 02:19	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2008-03-16 05:35	319,456	----a-w	C:\Windows\DIFxAPI.dll
    2008-03-12 11:55	---------	d-----w	C:\Program Files\Common Files\Steam
    2008-03-12 07:08	---------	d-----w	C:\Program Files\Windows Mail
    2008-03-07 01:32	706	----a-w	C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-07 01:32	23,904	----a-w	C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-07 01:32	10,537	----a-w	C:\Windows\system32\drivers\COH_Mon.cat
    2008-03-02 23:10	---------	d-----w	C:\Program Files\Microsoft Games
    2008-03-02 23:08	---------	d-----w	C:\Program Files\Frets on Fire
    2008-02-24 14:20	---------	d-----w	C:\Program Files\iTunes
    2008-02-24 14:20	---------	d-----w	C:\Program Files\iPod
    2008-02-24 14:19	---------	d-----w	C:\Program Files\QuickTime
    2008-02-23 05:08	---------	d-----w	C:\Program Files\GameSpy Arcade
    2008-02-21 12:40	---------	d-----w	C:\Program Files\America's Army Server Manager
    2008-02-21 01:06	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
    2008-02-17 04:12	---------	d-----w	C:\Users\Owner\AppData\Roaming\WinBatch
    2008-02-13 08:12	194,560	----a-w	C:\Windows\System32\WebClnt.dll
    2008-02-13 08:12	110,080	----a-w	C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 08:06	803,328	----a-w	C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 08:06	45,112	----a-w	C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 08:06	3,505,720	----a-w	C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 08:06	3,471,928	----a-w	C:\Windows\System32\ntoskrnl.exe
    2008-02-13 08:06	24,064	----a-w	C:\Windows\System32\netcfg.exe
    2008-02-13 08:06	22,016	----a-w	C:\Windows\System32\netiougc.exe
    2008-02-13 08:06	216,632	----a-w	C:\Windows\system32\drivers\netio.sys
    2008-02-13 08:06	21,560	----a-w	C:\Windows\system32\drivers\atapi.sys
    2008-02-13 08:06	17,464	----a-w	C:\Windows\system32\drivers\intelide.sys
    2008-02-13 08:06	167,424	----a-w	C:\Windows\System32\tcpipcfg.dll
    2008-02-13 08:06	154,624	----a-w	C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 08:06	109,624	----a-w	C:\Windows\system32\drivers\ataport.sys
    2008-02-13 08:05	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 08:05	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 08:05	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 08:05	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 08:05	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 08:05	1,686,528	----a-w	C:\Windows\System32\gameux.dll
    2008-02-13 08:02	824,832	----a-w	C:\Windows\System32\wininet.dll
    2008-02-13 08:02	56,320	----a-w	C:\Windows\System32\iesetup.dll
    2008-02-13 08:02	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 08:02	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
    2008-02-10 23:05	---------	d-----w	C:\Program Files\Virtools
    2008-02-10 21:59	---------	d-----w	C:\Program Files\Unity
    2008-02-10 07:56	---------	d-----w	C:\Program Files\Majesco Entertainment
    2008-02-09 04:14	---------	d-----w	C:\Users\Owner\AppData\Roaming\Bioshock
    2008-01-31 13:59	---------	d-----w	C:\Program Files\Azureus
    2008-01-31 13:57	---------	d-----w	C:\Users\Owner\AppData\Roaming\Azureus
    2008-01-29 04:45	2,838,440	----a-w	C:\Program Files\Shockwave_Installer_Slim.exe
    2008-01-28 13:36	---------	d-----w	C:\ProgramData\Azureus
    2008-01-28 12:37	---------	d-----w	C:\Program Files\Java
    2008-01-28 12:30	7,792,648	----a-w	C:\Program Files\Azureus_3.0.4.2_windows.exe
    2008-01-19 14:49	32,618,416	----a-w	C:\Program Files\cjr730EN.exe
    2008-01-16 06:19	33,810,889	----a-w	C:\Program Files\FretsOnFire-1.2.512-win32.exe
    2008-01-14 12:52	81,920	----a-w	C:\Windows\System32\frapsvid.dll
    2008-01-10 08:01	11,776	----a-w	C:\Windows\System32\sbunattend.exe
    2008-01-10 05:50	1,244,672	----a-w	C:\Windows\System32\mcmde.dll
    2008-01-01 01:15	0	----a-w	C:\Users\Owner\AppData\Roaming\wklnhst.dat
    2007-12-30 04:44	17,322,400	----a-w	C:\Program Files\DivXInstaller.exe
    2007-12-28 13:53	1,156,096	----a-w	C:\Program Files\iview410_setup.exe
    2007-12-20 00:04	174	--sha-w	C:\Program Files\desktop.ini
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3084A75F-5350-4D8B-BC5F-6B378035C133}]
    2008-03-25 09:30	212480	--a------	C:\Windows\dsaip32b.dll
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
     "WindowsWelcomeCenter "= "oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
     "Steam "= "C:\Program Files\Steam\Steam.exe" [2008-01-06 15:49 1266936]
     "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-19 19:51 1006264]
     "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
     "OsdMaestro "= "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
     "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 20:36 178712]
     "RtHDVCpl "= "RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
     "HP Health Check Scheduler "= "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 17:13 71176]
     "SunJavaUpdateReg "= "C:\Windows\system32\jureg.exe" [2007-09-25 02:11 54672]
     "HP Software Update "= "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 20:24 54840]
     "ccApp "= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 18:59 115816]
     "LXCFCATS "= "C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 10:39 73728]
     "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
     "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
     "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
     "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-02 15:45 579072]
     "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
     "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-08-27 17:59 86016]
     "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-08-27 17:59 8473120]
     "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2007-08-27 17:59 81920]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "PCDrProfiler "= "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-06-25 17:21 73728]
     "Launcher "= "%WINDIR%\SMINST\launcher.exe" [ ]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-02 15:39 219136]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableLUA "= 0 (0x0)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-03-02 15:40 9216 C:\Windows\System32\avgwlntf.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UacDisableNotify "=dword:00000001
     "InternetSettingsDisableNotify "=dword:00000001
     "AutoUpdateDisableNotify "=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring "=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring "=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring "=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
     "EnableFirewall "= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "{445B056D-FC39-4D90-B275-57C90F254C2F} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
     "{02D8D442-00E0-4D3C-906B-5711633081FE} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
     "{E34242D3-D8D7-4F73-B117-4E857D04DE19} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
     "{FC8BE1D6-52FE-48B3-8086-BF64FE764DD8} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
     "{98B7356C-80EF-440B-AC50-03FB883E827E} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
     "{988EFFA6-521F-49EE-A8B4-C856A5B54F08} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
     "{973F71F7-B455-43F0-BFF6-234236A3CD2E} "= UDP:C:\Windows\System32\lxcfcoms.exe:Lexmark Communications System
     "{F8315571-01CD-41E6-B7EB-5685527E329C} "= TCP:C:\Windows\System32\lxcfcoms.exe:Lexmark Communications System
     "{6E1DBCC4-6201-4EA7-ABA8-F5688C0E7774} "= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcfpswx.exe:Printer Status Window
     "{DE02C8E8-054D-442F-9900-E57C96190811} "= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcfpswx.exe:Printer Status Window
     "{9BFED08B-55B9-43A1-8711-DC244D25F678} "= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
     "{45D1282F-76AF-4547-A555-1C3417E1E02C} "= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
     "EnableFirewall "= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
     "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
     "EnableFirewall "= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
     "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    
    R0 OCDE;ZTekWare Original CD Emulator Service;C:\Windows\system32\Drivers\OCDE.sys [2007-08-25 18:27]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080215.002\IDSvix86.sys [2008-02-13 12:18]
    R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 11:37]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
    S3 Symantec RemoteAssist;Symantec RemoteAssist; "C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 17:09]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29299c09-b0cd-11dc-a296-001e8c0611f0}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a
    
    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
     "2008-03-15 13:48:10 C:\Windows\Tasks\HPCeeScheduleForOwner.job "
    - C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe
     "2008-03-25 10:22:32 C:\Windows\Tasks\User_Feed_Synchronization-{5707D3CE-EE5C-4139-A248-5E0A6DDFE42A}.job "
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************
    
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
    Rootkit scan 2008-03-25 10:23:10
    Windows 6.0.6000  NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      LXCFCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
    
    scanning hidden files ... 
    
    scan completed successfully 
    hidden files: 0 
    
    **************************************************************************
    .
    Completion time: 2008-03-25 10:35:50
    ComboFix-quarantined-files.txt  2008-03-25 14:35:45
    .
    2008-03-19 00:15:09	--- E O F ---
     
    Last edited by a moderator: 2008/03/26
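    The ComboFix log above is read the way a malware-removal helper reads it: the "Reg Loading Points" section shows a Browser Helper Object whose DLL was written on the day of the scan, UAC turned off (EnableLUA = 0), Security Center notifications and monitoring switched off, and the firewall disabled on every profile. The script below is an added example (not part of the thread or of ComboFix) that triages a ComboFix-style log for exactly those weakened-security indicators. Its input is a constructed excerpt in the same format as the log above, with the stray spaces inside the quoted names removed; the section and value patterns, the list of settings it flags and the seven-day "recent DLL" window are the example's own assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt in ComboFix "Reg Loading Points" style (sample input for
# this example, modelled on the entries in the log above; not the real file).
SAMPLE_LOG = r"""
ComboFix 08-03-24.2 - Owner 2008-03-25 10:16:53.1 - NTFSx86
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3084A75F-5350-4D8B-BC5F-6B378035C133}]
2008-03-25 09:30   212480   --a------   C:\Windows\dsaip32b.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2007-01-11 10:00   62000   --a------   C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<raw>.+?)\s*$')
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>\S.*?)\s*$")
SCAN_DATE_RE = re.compile(r"^ComboFix .*? (?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}")

# (key pattern, value-name pattern, predicate on the parsed value, description).
# Assumed list for this example; each entry mirrors a setting seen in the log.
WEAK_SETTINGS = [
    (r"policies\\system$", r"^enablelua$", lambda v: v == 0, "UAC (EnableLUA) is disabled"),
    (r"security center$", r"disablenotify$", lambda v: v == 1, "Security Center notification suppressed"),
    (r"security center\\monitoring", r"^disablemonitoring$", lambda v: v == 1, "Security Center monitoring disabled"),
    (r"firewallpolicy\\\w+profile$", r"^enablefirewall$", lambda v: v == 0, "Windows Firewall disabled for profile"),
]


def parse_value(raw):
    """Turn '0 (0x0)' or 'dword:00000001' into an int (None if unrecognised)."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else None


def parse_sections(text):
    """Return (scan_date, [(registry key, [non-empty lines under it])])."""
    scan_date, sections, current = None, [], None
    for line in text.splitlines():
        line = line.strip()
        if scan_date is None:
            m = SCAN_DATE_RE.match(line)
            if m:
                scan_date = datetime.strptime(m.group("date"), "%Y-%m-%d")
                continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group("key"), [])
            sections.append(current)
        elif line and current is not None:
            current[1].append(line)
    return scan_date, sections


def triage(text, recent_days=7):
    """Return (kind, key, item, message) tuples for indicators worth a closer look."""
    scan_date, sections = parse_sections(text)
    findings = []
    for key, lines in sections:
        key_l = key.lower()
        if "browser helper objects" in key_l:
            # A BHO DLL written within days of the scan is the classic drop-in seen above.
            for line in lines:
                m = FILE_RE.match(line)
                if not m:
                    continue
                file_date = datetime.strptime(m.group("date"), "%Y-%m-%d")
                if scan_date and scan_date - file_date <= timedelta(days=recent_days):
                    findings.append(("recent_bho", key, m.group("path"),
                                     f"BHO DLL dated {m.group('date')}, within {recent_days} days of the scan"))
            continue
        for line in lines:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.group("name").lower(), parse_value(m.group("raw"))
            for key_pat, name_pat, is_bad, msg in WEAK_SETTINGS:
                if re.search(key_pat, key_l) and re.search(name_pat, name) and is_bad(value):
                    findings.append(("weak_setting", key, m.group("name"), msg))
    return findings


if __name__ == "__main__":
    for kind, key, item, msg in triage(SAMPLE_LOG):
        print(f"[{kind}] {msg}: {item}  ({key})")
```

    Run against the sample, it reports the same-day BHO DLL once and five weakened settings (UAC off, two Security Center notifications suppressed, monitoring disabled, the domain-profile firewall off) while passing the Adobe BHO and the profile whose firewall is on. None of these findings is proof of infection on its own; they are the cues a helper uses to decide what to ask for next, which is why the script returns them rather than acting on them.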
  2. 2008/03/25
    Chris Woodward

    Chris Woodward Inactive Thread Starter

    Joined:
    2008/03/25
    Messages:
    14
    Likes Received:
    0
    I wanted to mention that I couldn't follow all of the other directions because I do not see C:\Windows\msvidc32.dll.

    Also, I wanted to mention that House Call (http://housecall65.trendmicro.com/) identified c:\Windows\dsaip32b.dll as a possible virus, but I wasn't sure if I should delete it or not. I see that it was created today, which made me think maybe it was-- didn't want to risk deleting something important though.
     
    Last edited: 2008/03/25


  4. 2008/03/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Chris :)

    You really shouldn't apply the fixes recommended to someone else, as yours may differ. ComboFix is a very powerful tool, and it's not recommended to use it without guidance by someone trained with its use. Let's see what we can do with another tool.

    Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a log from Deckard's System Scanner (instructions below).

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Deckard's System Scanner

    Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     
  5. 2008/03/30
    Chris Woodward

    Chris Woodward Inactive Thread Starter

    Joined:
    2008/03/25
    Messages:
    14
    Likes Received:
    0
    Thanks so much for the help. The problem with only knowing enough to get in trouble is making stupid mistakes—you’re absolutely right about not using someone else’s fix. I thought I was helping to move the conversation forward by looking through someone else’s help but you’re right; this is not a good idea. Thanks for the advice.

    Also, quickly, I wanted to mention that Friday night I attempted to open a program that froze (program was a game demo, should be fine). I manually turned the PC off. When I attempted to restart it couldn’t. I took it through restart restore a few times (took forever) and it came back up, so here I am. Possibly unrelated, but wanted to note in case it is related.


    Malwarebytes' Anti-Malware 1.09
    Database version: 572

    Scan type: Quick Scan
    Objects scanned: 29633
    Time elapsed: 5 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 16
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dsaip32b.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\dsaip32b.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsaip32b.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\xmp.bat (Trojan.Downloader) -> Quarantined and deleted successfully.


    And

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-03-30 23:38:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 1 Restore Point(s) --
    1: 2008-03-30 06:28:49 UTC - RP81 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 1022 MiB (1024 MiB recommended).


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-03-30 23:40:28
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\jureg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\schtasks.exe
    C:\Users\Owner\Desktop\dss.exe
    C:\Windows\System32\rundll32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} () - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxcf_device - Unknown owner - C:\Windows\System32\lxcfcoms.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RoxMediaDB9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    --
    End of file - 10578 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 OCDE (ZTekWare Original CD Emulator Service) - c:\windows\system32\drivers\ocde.sys <Not Verified; ZTekWare.; ZTekWare Original CD Emulator>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-30 01:10:08 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{5707D3CE-EE5C-4139-A248-5E0A6DDFE42A}.job
    2008-03-15 09:48:10 322 --a------ C:\Windows\Tasks\HPCeeScheduleForOwner.job


    -- Files created between 2008-02-29 and 2008-03-30 -----------------------------

    2008-03-30 23:26:21 0 d-------- C:\Users\All Users\Malwarebytes
    2008-03-30 23:26:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-26 09:15:41 0 d-------- C:\Program Files\Activision
    2008-03-26 00:02:16 0 d--h----- C:\Users\All Users\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}
    2008-03-25 23:56:48 0 d-------- C:\Program Files\Stardock Games
    2008-03-25 10:14:29 68096 --a------ C:\Windows\system32\zip.exe
    2008-03-25 10:14:29 98816 --a------ C:\Windows\system32\sed.exe
    2008-03-25 10:14:29 80412 --a------ C:\Windows\system32\grep.exe
    2008-03-25 10:14:29 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-03-25 09:54:53 0 d-------- C:\Users\Owner\.housecall6.6
    2008-03-22 22:35:40 0 d-------- C:\Windows\5E2B1ED07B714015929EE3651CF3F5EF.TMP
    2008-03-22 21:55:41 0 d-------- C:\Program Files\ZTekWare
    2008-03-22 21:53:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-19 09:41:34 0 d-------- C:\Program Files\Savage 2 - A Tortured Soul
    2008-03-19 06:30:53 0 d-------- C:\Windows\Sun
    2008-03-17 22:19:30 0 d-------- C:\Program Files\DeductionPro 2007
    2008-03-17 21:50:39 249856 --a------ C:\Windows\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
    2008-03-17 21:50:39 51716 --a------ C:\Windows\system32\pdf995mon.dll
    2008-03-17 21:50:39 0 d-------- C:\Users\All Users\pdf995
    2008-03-17 21:48:12 0 d-------- C:\Program Files\TaxCut07
    2008-03-17 21:48:12 0 d-------- C:\Program Files\PDF995
    2008-03-17 21:46:34 0 d-------- C:\Users\All Users\TaxCut
    2008-03-17 21:45:15 0 d--hs---- C:\Windows\ftpcache
    2008-03-16 13:00:57 0 d-------- C:\Program Files\Netflix
    2008-03-10 00:16:29 0 d-------- C:\Program Files\Common Files\Adobe
    2008-03-03 10:50:24 0 dr-h----- C:\$VAULT$.AVG
    2008-03-02 18:54:32 0 d-------- C:\Tmp
    2008-03-02 18:53:28 0 d-------- C:\Program Files\Taksi
    2008-03-02 16:24:33 0 d-a------ C:\Users\All Users\TEMP
    2008-03-02 16:24:32 0 d-------- C:\Fraps
    2008-03-02 15:39:48 0 d-------- C:\Users\All Users\Grisoft
    2008-03-02 15:39:48 0 d-------- C:\Users\All Users\avg7


    -- Find3M Report ---------------------------------------------------------------

    2008-03-30 23:26:53 0 d-------- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2008-03-30 01:13:54 0 d-------- C:\Users\Owner\AppData\Roaming\Roxio
    2008-03-30 01:08:39 0 d-------- C:\Program Files\Steam
    2008-03-26 09:20:26 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-25 23:18:02 0 d-------- C:\Users\Owner\AppData\Roaming\DivX
    2008-03-25 09:45:38 0 d-------- C:\Users\Owner\AppData\Roaming\AVG7
    2008-03-22 23:03:45 0 d-------- C:\Users\Owner\AppData\Roaming\Amazon
    2008-03-22 22:02:34 0 d-------- C:\Program Files\Lx_cats
    2008-03-22 21:53:52 0 d-------- C:\Program Files\Common Files
    2008-03-20 23:51:42 0 d-------- C:\Program Files\America's Army
    2008-03-17 21:49:37 0 d-------- C:\Users\Owner\AppData\Roaming\TaxCut
    2008-03-12 07:55:09 0 d-------- C:\Program Files\Common Files\Steam
    2008-03-12 03:08:47 0 d-------- C:\Program Files\Windows Mail
    2008-03-02 19:10:14 0 d-------- C:\Program Files\Microsoft Games
    2008-03-02 19:08:49 0 d-------- C:\Program Files\Frets on Fire
    2008-02-24 10:20:13 0 d-------- C:\Program Files\iTunes
    2008-02-24 10:20:07 0 d-------- C:\Program Files\iPod
    2008-02-24 10:19:06 0 d-------- C:\Program Files\QuickTime
    2008-02-23 01:08:02 0 d-------- C:\Program Files\GameSpy Arcade
    2008-02-21 08:40:59 0 d-------- C:\Program Files\America's Army Server Manager
    2008-02-20 21:06:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-17 00:12:19 0 d-------- C:\Users\Owner\AppData\Roaming\WinBatch
    2008-02-10 19:05:52 0 d-------- C:\Program Files\Virtools
    2008-02-10 17:59:14 0 d-------- C:\Program Files\Unity
    2008-02-10 03:56:02 0 d-------- C:\Program Files\Majesco Entertainment
    2008-02-09 00:14:30 0 d-------- C:\Users\Owner\AppData\Roaming\Bioshock
    2008-01-31 09:59:59 0 d-------- C:\Program Files\Azureus
    2008-01-31 09:57:18 0 d-------- C:\Users\Owner\AppData\Roaming\Azureus
    2008-01-16 02:19:57 33810889 --a------ C:\Program Files\FretsOnFire-1.2.512-win32.exe
    2008-01-14 08:52:00 81920 --a------ C:\Windows\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
    2007-12-31 21:15:10 0 --a------ C:\Users\Owner\AppData\Roaming\wklnhst.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/19/2007 07:51 PM]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [04/18/2007 11:01 AM]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 07:59 AM]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/12/2007 08:36 PM]
    "RtHDVCpl"="RtHDVCpl.exe" [01/15/2008 11:26 AM C:\Windows\RtHDVCpl.exe]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/24/2007 05:13 PM]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [09/25/2007 02:11 AM]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 08:24 PM]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 06:59 PM]
    "LXCFCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [09/14/2005 10:39 AM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/02/2008 03:45 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [08/27/2007 05:59 PM]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [08/27/2007 05:59 PM]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [08/27/2007 05:59 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/10/2008 04:02 AM]
    "WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
    "Steam"="C:\Program Files\Steam\Steam.exe" [03/27/2008 09:19 PM]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "PCDrProfiler"=C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
    "Launcher"=%WINDIR%\SMINST\launcher.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [5/7/2007 2:35:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 03/02/2008 03:40 PM 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29299c09-b0cd-11dc-a296-001e8c0611f0}]
    AutoRun\command- K:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-30 23:41:58 ------------
     
    Last edited by a moderator: 2008/03/31
  6. 2008/03/31
    noahdfear
    Your log looks good. How's the computer behaving now? Recommend you run an online virus scan to see if there's anything else lingering. Please do an online scan with Kaspersky WebScanner.

    Click Scan Now and accept the agreement. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
  7. 2008/04/09
    Chris Woodward
    Sorry it took a little while to get back. My PC has been overall behaving well, with a few quirks. It restarts itself sometimes (and actually restarted itself last night when I first tried to run the scan). Also, in the last couple of days it goes through periods where programs aren’t starting (two games, Audiosurf and The Movies, and iTunes were all non-functioning today). Not sure any of this is anything you can assist with though.

    Here is the Kaspersky log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, April 09, 2008 6:39:48 AM
    Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/04/2008
    Kaspersky Anti-Virus database records: 691931
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 177671
    Number of viruses found: 6
    Number of infected objects: 8
    Number of suspicious objects: 0
    Duration of the scan process: 02:10:07

    Infected Object Name / Virus Name / Last Action
    C:\Boot\BCD Object is locked skipped
    C:\Boot\BCD.LOG Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\CPSSMasterCatalog.ini Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-105444-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080325-105458-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080326-013442-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080326-013555-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080326-080309-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080326-080324-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080327-213026-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080327-213044-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-011909-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080330-011926-0.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\MpCmdRun.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\MpSigStub.log Object is locked skipped
    C:\Deckard\System Scanner\backup\Windows\temp\~DF6DB7.tmp Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
    C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped
    C:\Program Files\Steam\Steam.log Object is locked skipped
    C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
    C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
    C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
    C:\ProgramData\Symantec\LiveUpdate\2008-04-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
    C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.v skipped
    C:\Users\Owner\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040920080410\index.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat{55d7549a-b0c5-11dc-a555-001e8c0611f0}.TM.blf Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat{55d7549a-b0c5-11dc-a555-001e8c0611f0}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows\UsrClass.dat{55d7549a-b0c5-11dc-a555-001e8c0611f0}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows Defender\FileTracker\{BB47BC27-1386-4363-9648-F240F763914B} Object is locked skipped
    C:\Users\Owner\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
    C:\Users\Owner\AppData\Local\Temp\Low\~DFAB56.tmp Object is locked skipped
    C:\Users\Owner\AppData\Local\Temp\Low\~DFBE42.tmp Object is locked skipped
    C:\Users\Owner\AppData\Local\Temp\Low\~DFBE7B.tmp Object is locked skipped
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
    C:\Users\Owner\.housecall6.6\Quarantine\107cd1bb-201c2d59.bac_a05448/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
    C:\Users\Owner\.housecall6.6\Quarantine\107cd1bb-201c2d59.bac_a05448/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
    C:\Users\Owner\.housecall6.6\Quarantine\107cd1bb-201c2d59.bac_a05448/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
    C:\Users\Owner\.housecall6.6\Quarantine\107cd1bb-201c2d59.bac_a05448 ZIP: infected - 3 skipped
    C:\Users\Owner\.housecall6.6\Quarantine\107cd1bb-201c2d59.bac_a05448 CryptFF.b: infected - 3 skipped
    C:\Users\Owner\.housecall6.6\Quarantine\dsaip32b.dll.bac_a05448 Infected: Trojan-Downloader.Win32.Delf.gcl skipped
    C:\Users\Owner\Desktop\Psychonauts-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
    C:\Users\Owner\NTUSER.DAT Object is locked skipped
    C:\Users\Owner\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\Owner\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\Installer\MSID434.tmp Object is locked skipped
    C:\Windows\Logs\CBS\CBS.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
    C:\Windows\Logs\DPX\setupact.log Object is locked skipped
    C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
    C:\Windows\MEMORY.DMP Object is locked skipped
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
    C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
    C:\Windows\security\database\secedit.sdb Object is locked skipped
    C:\Windows\SoftwareDistribution\EventCache\{ED6F17F4-AA97-49D9-9FFB-DD331707FC60}.bin Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
    C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT Object is locked skipped
    C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1 Object is locked skipped
    C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2 Object is locked skipped
    C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
    C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
    C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
    C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped

    Scan process completed.
     
  8. 2008/04/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please delete the ComboFix.exe file you currently have and replace it with a fresh copy from here. Make sure you save it to the same place from which you previously ran it.

    Now, please delete the infected file C:\Users\Owner\Desktop\Psychonauts-dm.exe, and the contents of the C:\Users\Owner\.housecall6.6\Quarantine folder.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now, click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.


    Reboot and let me know if the computer continues to randomly restart.
     
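    The scan report above and noahdfear's reading of it (delete the live Desktop file, empty the HouseCall quarantine folder, let ComboFix /u clear its own) follow a pattern worth automating when a report runs to hundreds of lines. The following triage helper is an added example, not code from the thread or from any of the tools named in it: it parses the report's three line shapes, counts the "Object is locked" noise, and separates detections that still sit on disk from ones already in another tool's quarantine. The sample lines and quarantine folder names are taken from the posted log; treating those folders as already neutralised is an assumption.

```python
import re
from typing import Optional

# Constructed sample: a few lines in the format of the scan report posted in
# the thread (a subset, not the full log).
SAMPLE_LOG = r"""
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.v skipped
C:\Users\Owner\.housecall6.6\Quarantine\107cd1bb-201c2d59.bac_a05448/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Users\Owner\.housecall6.6\Quarantine\107cd1bb-201c2d59.bac_a05448 ZIP: infected - 3 skipped
C:\Users\Owner\.housecall6.6\Quarantine\dsaip32b.dll.bac_a05448 Infected: Trojan-Downloader.Win32.Delf.gcl skipped
C:\Users\Owner\Desktop\Psychonauts-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Users\Owner\NTUSER.DAT Object is locked skipped
"""

# Quarantine folders of the other removal tools seen in the log (QooBox is
# ComboFix's, .housecall6.6 is HouseCall's). Assumption: files under these
# markers are already neutralised and only need the folder emptied.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\.housecall6.6\\quarantine\\")

# The three line shapes in the report. Paths may contain spaces, so the path
# group is non-greedy and the status suffix is anchored to end of line.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\S+): infected - (?P<n>\d+) skipped$")


def parse_line(line: str) -> Optional[dict]:
    """Classify one report line; returns None for lines in no known shape."""
    line = line.strip()
    m = LOCKED_RE.match(line)
    if m:
        return {"path": m["path"], "status": "locked"}
    m = INFECTED_RE.match(line)
    if m:
        return {"path": m["path"], "status": "infected", "detection": m["name"]}
    m = ARCHIVE_RE.match(line)
    if m:
        return {"path": m["path"], "status": "archive", "kind": m["kind"], "count": int(m["n"])}
    return None


def is_quarantined(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in QUARANTINE_MARKERS)


def triage(log_text: str) -> dict:
    """Split a report into what still needs action and what can be ignored."""
    result = {"live": [], "quarantined": [], "archives": [], "locked": 0, "unparsed": []}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            result["unparsed"].append(raw.strip())
        elif rec["status"] == "locked":
            result["locked"] += 1  # in-use system files, not a finding
        elif rec["status"] == "archive":
            result["archives"].append((rec["path"], rec["kind"], rec["count"]))
        elif is_quarantined(rec["path"]):
            result["quarantined"].append((rec["path"], rec["detection"]))
        else:
            result["live"].append((rec["path"], rec["detection"]))
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['locked']} locked files ignored, {len(r['quarantined'])} detections already quarantined")
    for path, name in r["live"]:
        print(f"ACTION NEEDED: {path}  ({name})")
```

    Quarantined entries are reported separately rather than dropped, because a later scan keeps flagging them until the quarantine folders themselves are emptied, which is what the cleanup steps above do.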
  9. 2008/04/16
    Chris Woodward

    Chris Woodward Inactive Thread Starter

    Joined:
    2008/03/25
    Messages:
    14
    Likes Received:
    0
    As of yet, no more noted issues with my PC restarting (I’ve been gone a lot lately, so not positive about this). A question: I’m still having issues with certain programs being unresponsive. I can’t open iTunes anymore unless I restart my PC. The same is true for the games The Movies and Audiosurf. Other programs like Steam or Microsoft Office work fine though. I’m not sure whether this belongs here in the virus section or not. Could this be a conflict with a new HP update or something? How would I find out?

    Not sure if you can help or not, or if this is proper to include in the virus posting, but thought I’d ask.

    Thanks.
     
  10. 2008/04/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You might have better luck with those issues in the Vista forum. Try re-installing anything that is currently requiring you to restart before it will run. When trying to open any of those, have a look at the Task Manager to see what the CPU usage is doing. Check the Device Manager for errors ... anything with a yellow triangle beside it. Check for available driver updates for your audio and video adapters.

    I do believe your computer is clean now, and what remains is unrelated to malware.
     
