
Solved Trojan.Vundo/Virtumonde

Discussion in 'Malware and Virus Removal Archive' started by Earlgrey, 2008/06/24.

  1. 2008/06/24
    Earlgrey (Inactive, Thread Starter)

    [Resolved] Trojan.Vundo/Virtumonde

    Hi

    Yesterday I started getting pop-ups advertising dating agencies and bogus spyware reports. I ran a full scan on Norton Internet Security which came back with a clean bill of health. I was suspicious and so downloaded Ad-Aware and ran that. It reported that my computer was infected with a Virtumonde trojan and gave the option of removing it. When I rescanned it found the trojan again. :(

    Today Norton Auto-Protect found a Trojan.Vundo. It reported that it had completely removed it and Ad-Aware found nothing. I am having repeated problems accessing the internet using Firefox, particularly Gmail. An error comes up telling me that the connection to the server was reset while Firefox was attempting to access the page. Also Windows keeps giving me the message that Windows Explorer has stopped working and it has to restart it.

    As I write this things have got worse. My computer is now incredibly slow and Task Manager shows my CPU at 100%, with taskmgr.exe and explorer.exe using 60% between them and very little else running (I only have Firefox running).

    I have since rebooted and the computer is much faster, but when it reloaded I got two error messages telling me that C:\...\AppData\Local\Temp\fccccCVI.dll and tuvVLfEv.dll could not be found.

    I'm not sure whether the trojan is still there or I'm just feeling the after effects. Any help would be greatly appreciated as I am getting increasingly concerned.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:33:11, on 24/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\henry\AppData\Local\Temp\fccccCVl.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\henry\AppData\Local\Temp\tuvVLfEv.dll,c
    O4 - HKCU\..\Run: [6600da37] rundll32.exe "C:\Users\henry\AppData\Local\Temp\crcrxurx.dll ",b
    O4 - HKCU\..\Run: [BM6533e9ab] Rundll32.exe "C:\Users\henry\AppData\Local\Temp\jrknkuas.dll ",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 12137 bytes
     
  2. 2008/06/24
    Earlgrey (Inactive, Thread Starter)

    DSS log

    Deckard's System Scanner v20071014.68
    Run by henry on 2008-06-24 15:34:08
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as henry.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:34:11, on 24/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\henry\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\henry.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\henry\AppData\Local\Temp\fccccCVl.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\henry\AppData\Local\Temp\tuvVLfEv.dll,c
    O4 - HKCU\..\Run: [6600da37] rundll32.exe "C:\Users\henry\AppData\Local\Temp\crcrxurx.dll ",b
    O4 - HKCU\..\Run: [BM6533e9ab] Rundll32.exe "C:\Users\henry\AppData\Local\Temp\jrknkuas.dll ",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 12154 bytes

    -- Files created between 2008-05-24 and 2008-06-24 -----------------------------

    2008-06-24 11:13:45 0 d-------- C:\Program Files\Trend Micro
    2008-06-23 21:17:26 0 d-------- C:\Program Files\Lavasoft
    2008-06-23 21:17:25 0 d-------- C:\Users\All Users\Lavasoft
    2008-06-23 21:14:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-22 16:31:10 0 d-------- C:\Users\All Users\Adobe Systems
    2008-06-22 13:57:37 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-06-21 15:33:06 0 d-------- C:\Program Files\Mathsoft
    2008-06-21 15:24:42 0 d-------- C:\Windows\system32\URTTEMP
    2008-06-21 07:54:23 0 d-------- C:\Program Files\AC3Filter
    2008-06-20 11:16:25 0 d-------- C:\Program Files\Winamp
    2008-06-20 11:16:15 0 d-------- C:\Program Files\Monkey's Audio
    2008-06-14 22:09:34 0 d-------- C:\Program Files\R
    2008-06-14 20:56:37 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-06-14 20:56:29 0 d-------- C:\Program Files\DivX
    2008-06-09 10:58:00 0 d-------- C:\PerfLogs
    2008-06-08 17:59:20 0 d-------- C:\Program Files\VideoLAN
    2008-06-06 19:44:57 0 d-------- C:\Program Files\THQ
    2008-06-06 19:17:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-06 18:52:01 0 d-------- C:\Users\All Users\WinZip
    2008-06-06 16:19:21 0 d-------- C:\Users\All Users\LightScribe
    2008-06-06 14:36:31 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-06 12:02:14 0 d-------- C:\Users\All Users\SonicStage
    2008-06-06 11:55:38 0 d-------- C:\Users\All Users\HP
    2008-06-06 11:50:54 770048 --a------ C:\Windows\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
    2008-06-06 11:50:54 532480 --a------ C:\Windows\system32\CddbPlaylist2Sony.dll <Not Verified; ; CddbPlaylist2 Module>
    2008-06-06 11:50:53 589824 --a------ C:\Windows\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
    2008-06-06 11:50:53 73728 --a------ C:\Windows\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
    2008-06-06 11:50:53 655360 --a------ C:\Windows\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
    2008-06-06 11:48:58 0 d-------- C:\Users\All Users\Sony Corporation
    2008-06-06 11:47:17 0 d-------- C:\Program Files\Sony
    2008-06-06 11:47:12 0 d-------- C:\Windows\system32\Iosubsys
    2008-06-06 11:45:46 0 d-------- C:\Program Files\Common Files\Sony Shared
    2008-06-05 21:22:59 0 d-------- C:\Program Files\Google
    2008-06-05 13:10:35 0 d-------- C:\Users\All Users\eMule
    2008-06-05 13:10:35 0 d-------- C:\Program Files\eMule
    2008-06-05 13:02:18 0 d-------- C:\Program Files\Soulseek
    2008-06-04 00:59:57 0 d--hs---- C:\System Volume Information
    2008-06-03 18:49:00 0 d-------- C:\Program Files\MSXML 4.0
    2008-06-03 18:34:47 56 --ah----- C:\Users\All Users\ezsidmv.dat
    2008-06-03 18:33:20 0 --a------ C:\Windows\nsreg.dat
    2008-06-03 18:32:38 0 d-------- C:\Program Files\Skype
    2008-06-03 18:32:38 0 d-------- C:\Program Files\Common Files\Skype
    2008-06-03 18:32:25 0 d-------- C:\Users\All Users\Skype
    2008-06-03 17:52:45 0 d-------- C:\Users\henry\Bluetooth Software
    2008-06-03 17:52:16 0 dr------- C:\Users\henry\Searches
    2008-06-03 17:52:06 0 dr------- C:\Users\henry\Contacts
    2008-06-03 17:52:02 81 --a------ C:\Windows\system32\LOG
    2008-06-03 17:52:00 44 --a------ C:\Windows\system\hpsysdrv.dat
    2008-06-03 17:20:43 0 d-------- C:\Users\All Users\Electronic Arts
    2008-06-03 17:16:23 0 d-------- C:\Program Files\Electronic Arts
    2008-06-03 17:14:10 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Videos
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Templates
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Start Menu
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\SendTo
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Saved Games
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Recent
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\PrintHood
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Pictures
    2008-06-03 17:12:25 1572864 --ahs---- C:\Users\henry\NTUSER.DAT
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\NetHood
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\My Documents
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Music
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Local Settings
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Links
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Favorites
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Downloads
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Documents
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Desktop
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Cookies
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Application Data
    2008-06-03 17:12:25 0 d--h----- C:\Users\henry\AppData
    2008-05-31 00:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-05-31 00:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 00:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 00:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 00:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


    -- Find3M Report ---------------------------------------------------------------

    2008-06-24 15:33:18 0 d-------- C:\Users\henry\AppData\Roaming\Skype
    2008-06-24 15:31:56 0 d-------- C:\Users\henry\AppData\Roaming\skypePM
    2008-06-24 15:31:38 27335 --a------ C:\Users\henry\AppData\Roaming\nvModes.001
    2008-06-24 15:28:36 12 --a------ C:\Windows\bthservsdp.dat
    2008-06-24 13:31:51 0 d-------- C:\Users\henry\AppData\Roaming\OpenOffice.org2
    2008-06-23 23:18:11 0 d-------- C:\Program Files\Java
    2008-06-23 21:14:45 0 d-------- C:\Program Files\Common Files
    2008-06-22 19:17:36 0 d-------- C:\Users\henry\AppData\Roaming\Adobe
    2008-06-21 15:36:57 0 d-------- C:\Users\henry\AppData\Roaming\Mathsoft
    2008-06-21 15:35:48 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-21 15:12:57 0 d-------- C:\Users\henry\AppData\Roaming\CyberLink
    2008-06-21 01:18:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-14 21:42:52 0 d-------- C:\Users\henry\AppData\Roaming\DivX
    2008-06-11 21:10:40 0 d-------- C:\Program Files\Realtek
    2008-06-11 16:00:21 0 d-------- C:\Program Files\Windows Mail
    2008-06-10 13:17:41 27335 --a------ C:\Users\henry\AppData\Roaming\nvModes.dat
    2008-06-09 11:10:29 174 --ahs---- C:\Program Files\desktop.ini
    2008-06-09 11:00:10 0 d-------- C:\Program Files\Windows Calendar
    2008-06-09 11:00:09 0 d-------- C:\Program Files\Windows Sidebar
    2008-06-09 11:00:09 0 d-------- C:\Program Files\Movie Maker
    2008-06-09 11:00:07 0 d-------- C:\Program Files\Windows Collaboration
    2008-06-09 11:00:06 0 d-------- C:\Program Files\Windows Journal
    2008-06-09 11:00:05 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-06-09 10:59:59 0 d-------- C:\Program Files\Windows Defender
    2008-06-08 18:03:28 0 d-------- C:\Users\henry\AppData\Roaming\vlc
    2008-06-06 19:44:54 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 12:02:20 0 d-------- C:\Users\henry\AppData\Roaming\Sony Corporation
    2008-06-06 11:55:38 0 d-------- C:\Users\henry\AppData\Roaming\HP
    2008-06-05 21:25:04 0 d-------- C:\Users\henry\AppData\Roaming\Google
    2008-06-05 15:11:01 0 d-------- C:\Users\henry\AppData\Roaming\WildTangent
    2008-06-05 13:18:26 0 d-------- C:\Program Files\Norton Internet Security
    2008-06-05 12:54:59 0 d-------- C:\Program Files\Symantec
    2008-06-03 18:33:13 0 d-------- C:\Users\henry\AppData\Roaming\Mozilla
    2008-06-03 17:53:12 0 d-------- C:\Users\henry\AppData\Roaming\Hewlett-Packard
    2008-06-03 17:52:42 0 d-------- C:\Users\henry\AppData\Roaming\Symantec
    2008-06-03 17:52:09 0 d-------- C:\Users\henry\AppData\Roaming\Identities
    2008-06-03 17:23:42 0 d-------- C:\Users\henry\AppData\Roaming\Macromedia
    2008-06-03 17:22:18 0 dr------- C:\Program Files\Online Services
    2008-06-03 17:14:22 0 d-------- C:\Program Files\HPQ
    2008-05-22 23:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-05-22 23:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-22 23:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-22 23:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    25/08/2007 03:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    05/06/2008 12:54 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 09:29]
    "SMSERIAL "= "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [17/01/2007 14:34]
    "RtHDVCpl "= "RtHDVCpl.exe" [09/03/2007 17:50 C:\Windows\RtHDVCpl.exe]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [25/07/2007 07:02]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [01/10/2007 04:34]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/09/2007 23:31]
    "OnScreenDisplay "= "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [04/09/2007 22:54]
    "UCam_Menu "= "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17/08/2007 08:13]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
    "ccApp "= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [14/02/2008 11:01]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13/09/2007 17:47]
    "WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [09/01/2007 00:53]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [19/09/2007 21:05]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [19/09/2007 21:05]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [19/09/2007 21:05]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 08:33]
    "LightScribe Control Panel "= "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [23/08/2007 17:36]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]
    "MSServer "= "C:\Users\henry\AppData\Local\Temp\fccccCVl.dll,#1" []
    "cmds "= "C:\Users\henry\AppData\Local\Temp\tuvVLfEv.dll,c" []
    "6600da37 "= "C:\Users\henry\AppData\Local\Temp\crcrxurx.dll,b" []
    "BM6533e9ab "= "C:\Users\henry\AppData\Local\Temp\jrknkuas.dll,s" []

    C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [9/5/2007 10:09:54 PM]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "EnableUIADesktopToggle "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c284d221-39f2-11dd-ae54-001e681feed5}]
    Auto\command- McRegWizz.exe e
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-24 15:36:10 ------------
     


  4. 2008/06/25
    Earlgrey

    Earlgrey Inactive Thread Starter

    Joined:
    2008/06/24
    Messages:
    11
    Likes Received:
    0
    Sorry, I'm not trying to bump my post, but I thought I should write down the latest symptoms to give you as much info as possible. After I rebooted yesterday my computer returned to its normal speed, although Windows Explorer continued to stop working. I haven't had any pop-ups though since Norton reported removing the Trojan.vundo. However, this morning Norton Autoprotect again reported an infection by the same trojan and again removed it...

    I don't know if this affects the logs. I read the announcement at the top of the forum and I certainly don't want it to make any more work for you guys. I really appreciate your help. I'll give you the logs again. In the meantime, can you advise me on what I should do if this happens again, i.e. turn off Autoprotect, let it run but prevent it from removing threats, or just let it run and tell you when it happens?

    Also, I'm afraid I forgot the no-adding-programs rule and downloaded the Adblock Plus add-on for Firefox. Sorry :eek:

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:46, on 25/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\henry\AppData\Local\Temp\fccccCVl.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\henry\AppData\Local\Temp\tuvVLfEv.dll,c
    O4 - HKCU\..\Run: [6600da37] rundll32.exe "C:\Users\henry\AppData\Local\Temp\crcrxurx.dll ",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 11891 bytes
     
  5. 2008/06/25
    Earlgrey

    Earlgrey Inactive Thread Starter

    Joined:
    2008/06/24
    Messages:
    11
    Likes Received:
    0
    DSS log:

    Deckard's System Scanner v20071014.68
    Run by henry on 2008-06-25 10:52:29
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as henry.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:52:31, on 25/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\henry\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\henry.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\henry\AppData\Local\Temp\fccccCVl.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\henry\AppData\Local\Temp\tuvVLfEv.dll,c
    O4 - HKCU\..\Run: [6600da37] rundll32.exe "C:\Users\henry\AppData\Local\Temp\crcrxurx.dll ",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 11950 bytes

    -- Files created between 2008-05-25 and 2008-06-25 -----------------------------

    2008-06-24 11:13:45 0 d-------- C:\Program Files\Trend Micro
    2008-06-23 21:17:26 0 d-------- C:\Program Files\Lavasoft
    2008-06-23 21:17:25 0 d-------- C:\Users\All Users\Lavasoft
    2008-06-23 21:14:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-22 16:31:10 0 d-------- C:\Users\All Users\Adobe Systems
    2008-06-22 13:57:37 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-06-21 15:33:06 0 d-------- C:\Program Files\Mathsoft
    2008-06-21 15:24:42 0 d-------- C:\Windows\system32\URTTEMP
    2008-06-21 07:54:23 0 d-------- C:\Program Files\AC3Filter
    2008-06-20 11:16:25 0 d-------- C:\Program Files\Winamp
    2008-06-20 11:16:15 0 d-------- C:\Program Files\Monkey's Audio
    2008-06-14 22:09:34 0 d-------- C:\Program Files\R
    2008-06-14 20:56:37 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-06-14 20:56:29 0 d-------- C:\Program Files\DivX
    2008-06-09 10:58:00 0 d-------- C:\PerfLogs
    2008-06-08 17:59:20 0 d-------- C:\Program Files\VideoLAN
    2008-06-06 19:44:57 0 d-------- C:\Program Files\THQ
    2008-06-06 19:17:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-06 18:52:01 0 d-------- C:\Users\All Users\WinZip
    2008-06-06 16:19:21 0 d-------- C:\Users\All Users\LightScribe
    2008-06-06 14:36:31 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-06 12:02:14 0 d-------- C:\Users\All Users\SonicStage
    2008-06-06 11:55:38 0 d-------- C:\Users\All Users\HP
    2008-06-06 11:50:54 770048 --a------ C:\Windows\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
    2008-06-06 11:50:54 532480 --a------ C:\Windows\system32\CddbPlaylist2Sony.dll <Not Verified; ; CddbPlaylist2 Module>
    2008-06-06 11:50:53 589824 --a------ C:\Windows\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
    2008-06-06 11:50:53 73728 --a------ C:\Windows\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
    2008-06-06 11:50:53 655360 --a------ C:\Windows\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
    2008-06-06 11:48:58 0 d-------- C:\Users\All Users\Sony Corporation
    2008-06-06 11:47:17 0 d-------- C:\Program Files\Sony
    2008-06-06 11:47:12 0 d-------- C:\Windows\system32\Iosubsys
    2008-06-06 11:45:46 0 d-------- C:\Program Files\Common Files\Sony Shared
    2008-06-05 21:22:59 0 d-------- C:\Program Files\Google
    2008-06-05 13:10:35 0 d-------- C:\Users\All Users\eMule
    2008-06-05 13:10:35 0 d-------- C:\Program Files\eMule
    2008-06-04 00:59:57 0 d--hs---- C:\System Volume Information
    2008-06-03 18:49:00 0 d-------- C:\Program Files\MSXML 4.0
    2008-06-03 18:34:47 56 --ah----- C:\Users\All Users\ezsidmv.dat
    2008-06-03 18:33:20 0 --a------ C:\Windows\nsreg.dat
    2008-06-03 18:32:38 0 d-------- C:\Program Files\Skype
    2008-06-03 18:32:38 0 d-------- C:\Program Files\Common Files\Skype
    2008-06-03 18:32:25 0 d-------- C:\Users\All Users\Skype
    2008-06-03 17:52:45 0 d-------- C:\Users\henry\Bluetooth Software
    2008-06-03 17:52:16 0 dr------- C:\Users\henry\Searches
    2008-06-03 17:52:06 0 dr------- C:\Users\henry\Contacts
    2008-06-03 17:52:02 81 --a------ C:\Windows\system32\LOG
    2008-06-03 17:52:00 44 --a------ C:\Windows\system\hpsysdrv.dat
    2008-06-03 17:20:43 0 d-------- C:\Users\All Users\Electronic Arts
    2008-06-03 17:16:23 0 d-------- C:\Program Files\Electronic Arts
    2008-06-03 17:14:10 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Videos
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Templates
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Start Menu
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\SendTo
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Saved Games
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Recent
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\PrintHood
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Pictures
    2008-06-03 17:12:25 1572864 --ahs---- C:\Users\henry\NTUSER.DAT
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\NetHood
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\My Documents
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Music
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Local Settings
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Links
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Favorites
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Downloads
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Documents
    2008-06-03 17:12:25 0 dr------- C:\Users\henry\Desktop
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Cookies
    2008-06-03 17:12:25 0 d--hs---- C:\Users\henry\Application Data
    2008-06-03 17:12:25 0 d--h----- C:\Users\henry\AppData
    2008-05-31 00:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 00:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 00:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 00:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-31 00:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


    -- Find3M Report ---------------------------------------------------------------

    2008-06-25 10:48:40 0 d-------- C:\Users\henry\AppData\Roaming\Skype
    2008-06-25 09:48:20 27335 --a------ C:\Users\henry\AppData\Roaming\nvModes.001
    2008-06-25 09:46:02 12 --a------ C:\Windows\bthservsdp.dat
    2008-06-25 08:02:07 0 d-------- C:\Users\henry\AppData\Roaming\skypePM
    2008-06-24 23:57:58 0 d-------- C:\Users\henry\AppData\Roaming\OpenOffice.org2
    2008-06-23 23:18:11 0 d-------- C:\Program Files\Java
    2008-06-23 21:14:45 0 d-------- C:\Program Files\Common Files
    2008-06-22 19:17:36 0 d-------- C:\Users\henry\AppData\Roaming\Adobe
    2008-06-21 15:36:57 0 d-------- C:\Users\henry\AppData\Roaming\Mathsoft
    2008-06-21 15:35:48 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-21 15:12:57 0 d-------- C:\Users\henry\AppData\Roaming\CyberLink
    2008-06-21 01:18:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-14 21:42:52 0 d-------- C:\Users\henry\AppData\Roaming\DivX
    2008-06-11 21:10:40 0 d-------- C:\Program Files\Realtek
    2008-06-11 16:00:21 0 d-------- C:\Program Files\Windows Mail
    2008-06-10 13:17:41 27335 --a------ C:\Users\henry\AppData\Roaming\nvModes.dat
    2008-06-09 11:10:29 174 --ahs---- C:\Program Files\desktop.ini
    2008-06-09 11:00:10 0 d-------- C:\Program Files\Windows Calendar
    2008-06-09 11:00:09 0 d-------- C:\Program Files\Windows Sidebar
    2008-06-09 11:00:09 0 d-------- C:\Program Files\Movie Maker
    2008-06-09 11:00:07 0 d-------- C:\Program Files\Windows Collaboration
    2008-06-09 11:00:06 0 d-------- C:\Program Files\Windows Journal
    2008-06-09 11:00:05 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-06-09 10:59:59 0 d-------- C:\Program Files\Windows Defender
    2008-06-08 18:03:28 0 d-------- C:\Users\henry\AppData\Roaming\vlc
    2008-06-06 19:44:54 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 12:02:20 0 d-------- C:\Users\henry\AppData\Roaming\Sony Corporation
    2008-06-06 11:55:38 0 d-------- C:\Users\henry\AppData\Roaming\HP
    2008-06-05 21:25:04 0 d-------- C:\Users\henry\AppData\Roaming\Google
    2008-06-05 15:11:01 0 d-------- C:\Users\henry\AppData\Roaming\WildTangent
    2008-06-05 13:18:26 0 d-------- C:\Program Files\Norton Internet Security
    2008-06-05 12:54:59 0 d-------- C:\Program Files\Symantec
    2008-06-03 18:33:13 0 d-------- C:\Users\henry\AppData\Roaming\Mozilla
    2008-06-03 17:53:12 0 d-------- C:\Users\henry\AppData\Roaming\Hewlett-Packard
    2008-06-03 17:52:42 0 d-------- C:\Users\henry\AppData\Roaming\Symantec
    2008-06-03 17:52:09 0 d-------- C:\Users\henry\AppData\Roaming\Identities
    2008-06-03 17:23:42 0 d-------- C:\Users\henry\AppData\Roaming\Macromedia
    2008-06-03 17:22:18 0 dr------- C:\Program Files\Online Services
    2008-06-03 17:14:22 0 d-------- C:\Program Files\HPQ
    2008-05-22 23:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-05-22 23:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-22 23:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-22 23:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    25/08/2007 03:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    05/06/2008 12:54 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 09:29]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [17/01/2007 14:34]
    "RtHDVCpl"="RtHDVCpl.exe" [09/03/2007 17:50 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [25/07/2007 07:02]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [01/10/2007 04:34]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/09/2007 23:31]
    "OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [04/09/2007 22:54]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17/08/2007 08:13]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [14/02/2008 11:01]
    "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13/09/2007 17:47]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [09/01/2007 00:53]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [19/09/2007 21:05]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [19/09/2007 21:05]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [19/09/2007 21:05]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 08:33]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [23/08/2007 17:36]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]
    "MSServer"="C:\Users\henry\AppData\Local\Temp\fccccCVl.dll,#1" []
    "cmds"="C:\Users\henry\AppData\Local\Temp\tuvVLfEv.dll,c" []
    "6600da37"="C:\Users\henry\AppData\Local\Temp\crcrxurx.dll,b" []

    C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [9/5/2007 10:09:54 PM]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableUIADesktopToggle"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c284d221-39f2-11dd-ae54-001e681feed5}]
    Auto\command- McRegWizz.exe e
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-25 10:54:27 ------------
     
  6. 2008/06/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Earlgrey :)

    Sorry for the wait.

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable real-time protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  7. 2008/06/28
    Earlgrey

    Earlgrey Inactive Thread Starter

    Joined:
    2008/06/24
    Messages:
    11
    Likes Received:
    0
    Hey noahdfear

    Thanks a lot for the help. I've posted the ComboFix and HJT logs below. I was wondering, though, how contagious my computer is at the moment. Do you think I can use Skype with a webcam and not infect anyone?

    Cheers

    Earlgrey

    ComboFix 08-06-20.4 - henry 2008-06-29 4:24:10.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1081 [GMT 1:00]
    Running from: C:\Users\henry\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
    .

    2008-06-29 04:24 . 2008-06-29 04:24 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
    2008-06-24 11:33 . 2008-06-24 11:33 <DIR> d-------- C:\Deckard
    2008-06-24 11:13 . 2008-06-24 11:13 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-23 21:17 . 2008-06-23 21:22 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-06-23 21:17 . 2008-06-23 21:22 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-06-23 21:17 . 2008-06-23 21:17 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-23 21:14 . 2008-06-23 21:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-22 16:31 . 2008-06-22 16:31 <DIR> d-------- C:\Users\All Users\Adobe Systems
    2008-06-22 16:31 . 2008-06-22 16:31 <DIR> d-------- C:\ProgramData\Adobe Systems
    2008-06-22 13:57 . 2008-06-22 13:57 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-06-21 15:36 . 2008-06-21 15:36 <DIR> d-------- C:\Users\henry\AppData\Roaming\Mathsoft
    2008-06-21 15:33 . 2008-06-21 15:33 <DIR> d-------- C:\Program Files\Mathsoft
    2008-06-21 15:24 . 2008-06-21 15:24 <DIR> d-------- C:\Windows\System32\URTTEMP
    2008-06-21 15:12 . 2008-06-21 15:12 <DIR> d-------- C:\Users\Public\CyberLink
    2008-06-21 07:54 . 2008-06-21 07:54 <DIR> d-------- C:\Program Files\AC3Filter
    2008-06-21 07:54 . 2007-08-18 08:54 380,928 --a------ C:\Windows\System32\ac3filter.acm
    2008-06-20 11:16 . 2008-06-20 11:16 <DIR> d-------- C:\Program Files\Winamp
    2008-06-20 11:16 . 2008-06-20 11:25 <DIR> d-------- C:\Program Files\Monkey's Audio
    2008-06-15 11:37 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 11:37 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 11:37 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 11:37 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 22:09 . 2008-06-14 22:09 <DIR> d-------- C:\Program Files\R
    2008-06-14 20:58 . 2008-06-14 21:42 <DIR> d-------- C:\Users\henry\AppData\Roaming\DivX
    2008-06-14 20:56 . 2008-06-14 20:56 <DIR> d-------- C:\Program Files\DivX
    2008-06-14 20:56 . 2008-06-14 20:56 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-06-13 14:14 . 2008-06-13 14:14 24,112 --a------ C:\Windows\System32\drivers\SymIMV.sys
    2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\Windows\System32\drivers\SymRedir.cat
    2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\Windows\System32\drivers\SymRedir.inf
    2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\Windows\System32\drivers\symtdi.sys
    2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\Windows\System32\drivers\symfw.sys
    2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\Windows\System32\drivers\symndisv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\Windows\System32\drivers\symids.sys
    2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\Windows\System32\drivers\symredrv.sys
    2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\Windows\System32\drivers\symdns.sys
    2008-06-11 21:10 . 2007-03-09 17:50 4,390,912 --a------ C:\Windows\RtHDVCpl.exe
    2008-06-11 21:10 . 2007-03-12 19:29 1,747,936 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
    2008-06-11 21:10 . 2007-01-16 10:39 1,191,936 --a------ C:\Windows\RtlUpd.exe
    2008-06-11 21:10 . 2007-01-29 15:34 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
    2008-06-11 21:10 . 2007-03-12 11:26 494,080 --a------ C:\Windows\System32\RtkPgExt.dll
    2008-06-11 21:10 . 2006-11-29 18:47 135,168 --a------ C:\Windows\System32\SRSWOW.dll
    2008-06-09 21:02 . 2008-06-09 21:02 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-09 11:32 . 2008-06-28 19:43 <DIR> d-------- C:\Users\henry\AppData\Roaming\OpenOffice.org2
    2008-06-09 10:58 . 2008-06-09 10:58 <DIR> d-------- C:\PerfLogs
    2008-06-08 18:03 . 2008-06-08 18:03 <DIR> d-------- C:\Users\henry\AppData\Roaming\vlc
    2008-06-08 17:59 . 2008-06-08 18:26 <DIR> d-------- C:\Program Files\VideoLAN
    2008-06-06 19:50 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
    2008-06-06 19:50 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
    2008-06-06 19:50 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
    2008-06-06 19:50 . 2006-12-08 12:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll
    2008-06-06 19:50 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
    2008-06-06 19:50 . 2006-09-28 16:04 68,888 --a------ C:\Windows\System32\xinput1_3.dll
    2008-06-06 19:50 . 2006-11-15 11:38 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
    2008-06-06 19:44 . 2008-06-06 19:44 <DIR> d-------- C:\Program Files\THQ
    2008-06-06 19:17 . 2008-06-22 13:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-06-06 18:52 . 2008-06-06 18:53 <DIR> d-------- C:\Users\All Users\WinZip
    2008-06-06 18:52 . 2008-06-06 18:53 <DIR> d-------- C:\ProgramData\WinZip
    2008-06-06 16:19 . 2008-06-06 16:19 <DIR> d-------- C:\Users\All Users\LightScribe
    2008-06-06 16:19 . 2008-06-06 16:19 <DIR> d-------- C:\ProgramData\LightScribe
    2008-06-06 14:36 . 2008-06-18 12:15 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-06 12:02 . 2008-06-06 12:02 <DIR> d-------- C:\Users\All Users\SonicStage
    2008-06-06 12:02 . 2008-06-06 12:02 <DIR> d-------- C:\ProgramData\SonicStage
    2008-06-06 11:55 . 2008-06-06 11:55 <DIR> d-------- C:\Users\henry\AppData\Roaming\HP
    2008-06-06 11:55 . 2008-06-21 15:12 <DIR> d-------- C:\Users\henry\AppData\Roaming\CyberLink
    2008-06-06 11:55 . 2008-06-06 11:55 <DIR> d-------- C:\Users\All Users\HP
    2008-06-06 11:55 . 2008-06-06 11:55 <DIR> d-------- C:\ProgramData\HP
    2008-06-06 11:48 . 2008-06-06 12:02 <DIR> d-------- C:\Users\All Users\Sony Corporation
    2008-06-06 11:48 . 2008-06-06 12:02 <DIR> d-------- C:\ProgramData\Sony Corporation
    2008-06-06 11:47 . 2008-06-06 11:47 <DIR> d-------- C:\Windows\System32\Iosubsys
    2008-06-06 11:47 . 2008-06-06 11:48 <DIR> d-------- C:\Program Files\Sony
    2008-06-06 11:45 . 2008-06-06 12:02 <DIR> d-------- C:\Users\henry\AppData\Roaming\Sony Corporation
    2008-06-06 11:45 . 2008-06-06 11:47 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
    2008-06-06 11:22 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-06-06 11:21 . 2008-01-19 08:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-06-06 11:20 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-06-05 21:22 . 2008-06-05 21:22 <DIR> d-------- C:\Program Files\Google
    2008-06-05 15:11 . 2008-06-05 15:11 <DIR> d-------- C:\Users\henry\AppData\Roaming\WildTangent
    2008-06-05 13:10 . 2008-06-05 13:10 <DIR> d-------- C:\Users\All Users\eMule
    2008-06-05 13:10 . 2008-06-05 13:10 <DIR> d-------- C:\ProgramData\eMule
    2008-06-05 13:10 . 2008-06-05 13:10 <DIR> d-------- C:\Program Files\eMule
    2008-06-04 18:04 . 2008-06-10 13:17 27,335 --a------ C:\Users\henry\AppData\Roaming\nvModes.dat
    2008-06-03 18:53 . 2008-06-03 18:53 988,216 --a------ C:\Windows\System32\winload.exe
    2008-06-03 18:53 . 2008-06-03 18:53 927,288 --a------ C:\Windows\System32\winresume.exe
    2008-06-03 18:53 . 2008-06-03 18:53 615,992 --a------ C:\Windows\System32\ci.dll
    2008-06-03 18:53 . 2008-06-03 18:53 378,368 --a------ C:\Windows\System32\srcore.dll
    2008-06-03 18:53 . 2008-06-03 18:53 318,464 --a------ C:\Windows\System32\rstrui.exe
    2008-06-03 18:53 . 2008-06-03 18:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
    2008-06-03 18:53 . 2008-06-03 18:53 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-06-03 18:53 . 2008-06-03 18:53 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-06-03 18:53 . 2008-06-03 18:53 14,848 --a------ C:\Windows\System32\srdelayed.exe
    2008-06-03 18:53 . 2008-06-03 18:53 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-06-03 18:52 . 2008-06-03 18:52 2,032,128 --a------ C:\Windows\System32\win32k.sys
    2008-06-03 18:52 . 2008-06-03 18:52 295,936 --a------ C:\Windows\System32\gdi32.dll
    2008-06-03 18:51 . 2008-06-03 18:51 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-06-03 18:51 . 2008-06-03 18:51 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-06-03 18:49 . 2008-06-03 18:49 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-06-03 18:34 . 2008-06-27 00:03 <DIR> d-------- C:\Users\henry\AppData\Roaming\skypePM
    2008-06-03 18:34 . 2008-06-28 00:35 <DIR> d-------- C:\Users\henry\AppData\Roaming\Skype
    2008-06-03 18:34 . 2008-06-03 18:34 56 --ah----- C:\Users\All Users\ezsidmv.dat
    2008-06-03 18:34 . 2008-06-03 18:34 56 --ah----- C:\ProgramData\ezsidmv.dat
    2008-06-03 18:33 . 2008-06-03 18:33 0 --a------ C:\Windows\nsreg.dat
    2008-06-03 18:32 . 2008-06-03 18:32 <DIR> d-------- C:\Users\All Users\Skype
    2008-06-03 18:32 . 2008-06-03 18:32 <DIR> d-------- C:\ProgramData\Skype
    2008-06-03 18:32 . 2008-06-03 18:32 <DIR> d-------- C:\Program Files\Skype
    2008-06-03 18:32 . 2008-06-03 18:32 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-06-03 17:52 . 2008-06-03 17:52 <DIR> dr------- C:\Users\henry\Searches
    2008-06-03 17:52 . 2008-06-03 17:52 <DIR> dr------- C:\Users\henry\Contacts
    2008-06-03 17:52 . 2008-06-03 17:52 <DIR> d-------- C:\Users\henry\Bluetooth Software
    2008-06-03 17:52 . 2008-06-03 17:52 <DIR> d-------- C:\Users\henry\AppData\Roaming\Symantec
    2008-06-03 17:52 . 2008-06-03 17:52 81 --a------ C:\Windows\System32\LOG
    2008-06-03 17:52 . 2008-06-03 17:52 44 --a------ C:\Windows\system\hpsysdrv.dat
    2008-06-03 17:22 . 2008-06-03 17:53 <DIR> d-------- C:\Users\henry\AppData\Roaming\Hewlett-Packard
    2008-06-03 17:20 . 2008-06-03 17:20 <DIR> d-------- C:\Users\All Users\Electronic Arts
    2008-06-03 17:20 . 2008-06-03 17:20 <DIR> d-------- C:\ProgramData\Electronic Arts
    2008-06-03 17:16 . 2008-06-03 17:20 <DIR> d-------- C:\Program Files\Electronic Arts
    2008-06-03 17:16 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
    2008-06-03 17:16 . 2006-07-28 09:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll
    2008-06-03 17:15 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
    2008-06-03 17:14 . 2008-06-03 17:14 <DIR> d-------- C:\Program Files\Common Files\LightScribe
    2008-06-03 17:13 . 2008-06-03 17:13 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8075PSH_E459053-033_4A_I30D2_SQuanta_V79.28_F.45_T080116_WV3-0_L409_M2046_J250_7Intel_86FD_91.67_#071126_N10EC8136;80864229_(KN775EA#ABU)_XMOBILE_CN10_Z.MRK
    2008-06-03 17:12 . 2008-06-28 13:35 <DIR> dr------- C:\Users\henry\Videos
    2008-06-03 17:12 . 2008-06-06 16:25 <DIR> dr------- C:\Users\henry\Saved Games
    2008-06-03 17:12 . 2008-06-20 13:17 <DIR> dr------- C:\Users\henry\Pictures
    2008-06-03 17:12 . 2008-06-26 20:43 <DIR> dr------- C:\Users\henry\Music
    2008-06-03 17:12 . 2008-06-03 17:52 <DIR> dr------- C:\Users\henry\Links

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 01:24 --------- d-----w C:\ProgramData\Symantec
    2008-06-23 22:18 --------- d-----w C:\Program Files\Java
    2008-06-21 14:35 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-21 00:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-11 20:10 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-11 20:10 --------- d-----w C:\Program Files\Realtek
    2008-06-11 15:00 --------- d-----w C:\Program Files\Windows Mail
    2008-06-10 11:41 --------- d-----w C:\ProgramData\WildTangent
    2008-06-09 10:10 174 --sha-w C:\Program Files\desktop.ini
    2008-06-09 10:00 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-09 10:00 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-09 10:00 --------- d-----w C:\Program Files\Windows Journal
    2008-06-09 10:00 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-09 10:00 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-09 09:59 --------- d-----w C:\Program Files\Windows Defender
    2008-06-09 09:52 --------- d-----w C:\ProgramData\NVIDIA
    2008-06-09 09:20 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-09 09:20 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-06 18:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-06 10:55 --------- d-----w C:\ProgramData\CyberLink
    2008-06-05 12:18 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-05 11:54 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-06-05 11:54 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-06-05 11:54 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-06-05 11:54 --------- d-----w C:\Program Files\Symantec
    2008-06-03 17:51 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-03 17:51 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-06-03 17:51 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-06-03 17:51 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-06-03 17:51 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-03 16:53 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-06-03 16:14 --------- d-----w C:\Program Files\HPQ
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-05-22 22:22 43,528 ------w C:\Windows\system32\drivers\PxHelp20.sys
    2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-05-22 22:22 129,784 ------w C:\Windows\System32\pxafs.dll
    2008-05-22 22:22 120,056 ------w C:\Windows\System32\pxcpyi64.exe
    2008-05-22 22:22 118,520 ------w C:\Windows\System32\pxinsi64.exe
    2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-05-16 10:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-04-29 10:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
    2008-04-29 10:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
    2008-04-29 10:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
    2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
    2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
    2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-25 03:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-06-05 12:54 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
    "LightScribe Control Panel "= "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
    "SMSERIAL "= "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 14:34 634880]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-03-09 17:50 4390912 C:\Windows\RtHDVCpl.exe]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 07:02 174616]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 04:34 181544]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 23:31 202032]
    "OnScreenDisplay "= "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 22:54 554320]
    "UCam_Menu "= "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 08:13 218408]
    "ccApp "= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 17:47 480560]
    "WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 00:53 311296]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-09-19 21:05 86016]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-09-19 21:05 8497696]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2007-09-19 21:05 81920]

    C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [9/5/2007 10:09:54 PM 727592]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM 415072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp "= l3codecp.acm
    "msacm.ac3filter "= ac3filter.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DCDCF55A-4579-461C-8FE7-5352F25E6909} "= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{96BECFF7-1D1D-4B47-ABD0-F1DF3504DA31} "= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{BEEDD37A-052A-4899-AD7D-B243F31A552B} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{1336951A-26CE-4F11-8E8A-5BDAF832C058} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E19F97E5-34E1-4832-A889-F0A321EA2CEC} "= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{9FDFFAF4-3976-4F0F-B654-784F55AD6D19} "= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{51B27729-9F9A-443A-981E-80949968FD22} "= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{C2BFCA18-534A-485E-A0F4-1EB67A9E4D54} "= C:\Program Files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{8966177B-2648-4AEE-B0D2-F5EA3978CC55}C:\\program files\\mozilla firefox\\firefox.exe "= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{7F487E3D-DD65-413E-81AE-FBC8281C0A6A}C:\\program files\\mozilla firefox\\firefox.exe "= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080623.001\IDSvix86.sys [2008-03-20 21:37]
    R2 LiveUpdate Notice;LiveUpdate Notice; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-10-01 04:34]
    R2 QPSched;QuickPlay Task Scheduler (QTS); "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-10-01 04:34]
    R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 14:12]
    R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 14:12]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 14:12]
    R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 19:30]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
    S3 GameConsoleService;GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 00:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c284d221-39f2-11dd-ae54-001e681feed5}]
    \shell\Auto\command - McRegWizz.exe e
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-27 10:31:53 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - henry.job "
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
    "2008-06-29 03:15:33 C:\Windows\Tasks\User_Feed_Synchronization-{7F22A288-F9B8-40BD-ACF9-307699DFA912}.job "
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-29 04:28:29
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-29 4:29:55
    ComboFix-quarantined-files.txt 2008-06-29 03:29:35

    Pre-Run: 156,522,422,272 bytes free
    Post-Run: 156,538,408,960 bytes free

    318 --- E O F --- 2008-06-26 03:33:26
     
  8. 2008/06/28
    Earlgrey

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:38:31, on 29/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 11120 bytes
     
  9. 2008/06/28
    noahdfear

    It appears as though ComboFix has already cleaned up the leftovers (mostly registry stuff). Let's get another opinion. Please scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
  10. 2008/06/29
    Earlgrey

    Here's the Kaspersky log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, June 29, 2008 3:30:15 PM
    Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/06/2008
    Kaspersky Anti-Virus database records: 896951
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 161672
    Number of viruses found: 4
    Number of infected objects: 16
    Number of suspicious objects: 0
    Duration of the scan process: 01:28:46

    Infected Object Name / Virus Name / Last Action
    C:\boot\bcd Object is locked skipped
    C:\boot\BCD.LOG Object is locked skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\dfdmtvrn.dll Infected: Trojan.Win32.Monder.zh skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\eklufvrs.dll Infected: Trojan.Win32.Monderc.gen skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\eqnrbtyx.dll Infected: Trojan.Win32.Monder.zh skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\fccccCVl.dll Infected: Trojan.Win32.Monderc.gen skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\haijqpyx.dll Infected: Trojan.Win32.Monder.zh skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\isnoifgp.dll Infected: Trojan.Win32.Monder.zh skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tdqvibff.dll Infected: Trojan.Win32.Monder.zh skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tmp00018a06 Infected: Trojan.Win32.Monderc.gen skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tmp0002fad2 Infected: Trojan.Win32.Monderc.gen skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tmp00033d7c Infected: Trojan.Win32.Monderc.gen skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tmp00047389 Infected: Trojan.Win32.Monderc.gen skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tmp0005fad2 Infected: Trojan.Win32.Monderc.gen skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tuvVLfEv.dll Infected: Trojan.Win32.Monder.wd skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\whmtekqo.dll Infected: Trojan.Win32.Monder.zh skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\wyfambgi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zda skipped
    C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\yesjgcjh.dll Infected: Trojan.Win32.Monder.zh skipped
    C:\Deckard\System Scanner\20080624153406\backup\Windows\temp\VistaSP1_InstallPerf_142855.sqm Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.ilg Object is locked skipped
    C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.ilg Object is locked skipped
    C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skipped
    C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.ilg Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped
    C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\103f8052e4c0860a84a59bbfcb673977_a976b4d8-f0f9-4786-b689-4df7a0c6f14d Object is locked skipped
    C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
    C:\ProgramData\Symantec\Common Client\settings.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked skipped
    C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{0C5197E6-C60B-4110-A38E-879ABEED3823}.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{0C5197E6-C60B-4110-A38E-879ABEED3823}.DAT Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{51AF9F7B-D7FA-4C7B-B9AF-8060DDC0D6AD}.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{51AF9F7B-D7FA-4C7B-B9AF-8060DDC0D6AD}.DAT Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{9C3887A3-8559-4F0B-9417-FAD6CB8B5E1B}.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{9C3887A3-8559-4F0B-9417-FAD6CB8B5E1B}.DAT Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{D0DC2057-1148-4D56-BEAC-BA2213DBFF23}.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{ECF760F5-9D42-4A2C-B623-E7C3ABC538F1}.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{ECF760F5-9D42-4A2C-B623-E7C3ABC538F1}.DAT Object is locked skipped
    C:\ProgramData\Symantec\LiveUpdate\2008-06-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\Shl_{6E6C98A2-5EA8-458F-99B3-7FC87929F412}.ldb Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\Shl_{6E6C98A2-5EA8-458F-99B3-7FC87929F412}.sds Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
    C:\System.sav\Util\App.Evt Object is locked skipped
    C:\System.sav\Util\CMa.Evt Object is locked skipped
    C:\System.sav\Util\Sec.Evt Object is locked skipped
    C:\System.sav\Util\Sys.Evt Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008062920080630\index.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\UsrClass.dat{9adf36f7-3187-11dd-98cc-001e37b32ffd}.TM.blf Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\UsrClass.dat{9adf36f7-3187-11dd-98cc-001e37b32ffd}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows\UsrClass.dat{9adf36f7-3187-11dd-98cc-001e37b32ffd}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\henry\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
    C:\Users\henry\AppData\Local\Mozilla\Firefox\Profiles\95nlp8ob.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Users\henry\AppData\Local\Mozilla\Firefox\Profiles\95nlp8ob.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Users\henry\AppData\Local\Mozilla\Firefox\Profiles\95nlp8ob.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Users\henry\AppData\Local\Mozilla\Firefox\Profiles\95nlp8ob.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Users\henry\AppData\Local\Temp\ehmsas.txt Object is locked skipped
    C:\Users\henry\AppData\Local\Temp\hsperfdata_henry\2112 Object is locked skipped
    C:\Users\henry\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\henry\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
    C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\95nlp8ob.default\cert8.db Object is locked skipped
    C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\95nlp8ob.default\formhistory.dat Object is locked skipped
    C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\95nlp8ob.default\history.dat Object is locked skipped
    C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\95nlp8ob.default\key3.db Object is locked skipped
    C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\95nlp8ob.default\parent.lock Object is locked skipped
    C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\95nlp8ob.default\search.sqlite Object is locked skipped
    C:\Users\henry\NTUSER.DAT Object is locked skipped
    C:\Users\henry\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\henry\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\henry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Users\henry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\henry\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\bthservsdp.dat Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.log Object is locked skipped
    C:\Windows\Logs\DPX\setupact.log Object is locked skipped
    C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
    C:\Windows\panther\diagerr.xml Object is locked skipped
    C:\Windows\panther\diagwrn.xml Object is locked skipped
    C:\Windows\panther\setupact.log Object is locked skipped
    C:\Windows\panther\setuperr.log Object is locked skipped
    C:\Windows\panther\UnattendGC\diagerr.xml Object is locked skipped
    C:\Windows\panther\UnattendGC\diagwrn.xml Object is locked skipped
    C:\Windows\panther\UnattendGC\setupact.log Object is locked skipped
    C:\Windows\panther\UnattendGC\setuperr.log Object is locked skipped
    C:\Windows\security\database\secedit.sdb Object is locked skipped
    C:\Windows\SoftwareDistribution\EventCache\{2E815C55-95D1-4315-8E6C-A7F37477033B}.bin Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
    C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
    C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
    C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\Temp\JET97EB.tmp Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped
    D:\$RECYCLE.BIN\Desktop.ini Object is locked skipped
    D:\$RECYCLE.BIN\Folder.htt Object is locked skipped
    D:\$RECYCLE.BIN\protect.chinese hong kong Object is locked skipped
    D:\$RECYCLE.BIN\protect.chinese simplified Object is locked skipped
    D:\$RECYCLE.BIN\protect.chinese traditional Object is locked skipped
    D:\$RECYCLE.BIN\protect.czech Object is locked skipped
    D:\$RECYCLE.BIN\protect.danish Object is locked skipped
    D:\$RECYCLE.BIN\protect.dutch Object is locked skipped
    D:\$RECYCLE.BIN\Protect.ed Object is locked skipped
    D:\$RECYCLE.BIN\protect.english Object is locked skipped
    D:\$RECYCLE.BIN\protect.finnish Object is locked skipped
    D:\$RECYCLE.BIN\protect.french Object is locked skipped
    D:\$RECYCLE.BIN\protect.german Object is locked skipped
    D:\$RECYCLE.BIN\protect.greek Object is locked skipped
    D:\$RECYCLE.BIN\protect.hebrew Object is locked skipped
    D:\$RECYCLE.BIN\protect.hungarian Object is locked skipped
    D:\$RECYCLE.BIN\protect.italian Object is locked skipped
    D:\$RECYCLE.BIN\protect.japanese Object is locked skipped
    D:\$RECYCLE.BIN\protect.korean Object is locked skipped
    D:\$RECYCLE.BIN\protect.norwegian Object is locked skipped
    D:\$RECYCLE.BIN\protect.polish Object is locked skipped
    D:\$RECYCLE.BIN\protect.portuguese Object is locked skipped
    D:\$RECYCLE.BIN\protect.portuguese brazilian Object is locked skipped
    D:\$RECYCLE.BIN\protect.russian Object is locked skipped
    D:\$RECYCLE.BIN\protect.spanish Object is locked skipped
    D:\$RECYCLE.BIN\protect.swedish Object is locked skipped
    D:\$RECYCLE.BIN\protect.turkish Object is locked skipped

    Scan process completed.
     
  11. 2008/06/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Infected items are in quarantine by Deckard's System Scanner (from temp directory). Let's finish up.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    That should wrap things up. How's it behaving now?
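The reasoning in the reply above rests on reading the scanner report correctly: only lines carrying "Infected:" are detections, "Object is locked skipped" simply means the scanner could not open the file (registry hives, event logs, AV state files, browser caches) and says nothing about it being malicious, and a detection whose path sits under a removal tool's backup folder has already been taken out of play. As an added example, not part of this thread nor of the Kaspersky or Deckard tooling, here is a small Python triage script that applies that reading to a report. The embedded sample is constructed from a handful of lines of the log posted above plus one made-up line (example.dll in a live Temp folder) so the "live detection" branch is exercised; the ComboFix Qoobox and System Restore folder markers are assumptions, only the Deckard backup folder appears in the thread.

```python
import re
from collections import Counter

# Folders where removal tools park copies of what they removed.  The
# Deckard's System Scanner backup folder is the one seen in this thread;
# the ComboFix Qoobox and System Restore markers are assumptions.
QUARANTINE_MARKERS = (
    "deckard\\system scanner\\",
    "qoobox\\quarantine\\",
    "system volume information\\",
)

# Kaspersky Online Scanner report line shapes:
#   <path> Infected: <detection name> <last action>
#   <path> Object is locked <last action>
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")

# Constructed sample: a few lines copied from the log in this thread plus
# one made-up line (example.dll) in a live location to exercise that branch.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\boot\bcd Object is locked skipped
C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\fccccCVl.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\tuvVLfEv.dll Infected: Trojan.Win32.Monder.wd skipped
C:\Deckard\System Scanner\20080624153406\backup\Users\henry\AppData\Local\Temp\wyfambgi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zda skipped
C:\Users\henry\NTUSER.DAT Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Users\henry\AppData\Local\Temp\example.dll Infected: Trojan.Win32.Monder.zh skipped
Scan process completed.
"""


def classify_line(line):
    """Return (kind, path, detection_name); kind is 'infected', 'locked' or 'other'."""
    line = line.strip()
    m = INFECTED_RE.match(line)
    if m:
        return "infected", m.group("path"), m.group("name")
    m = LOCKED_RE.match(line)
    if m:
        return "locked", m.group("path"), None
    return "other", line, None


def in_quarantine(path):
    """True if the path lies under a known backup/quarantine folder."""
    normalised = path.lower().replace("/", "\\")
    return any(marker in normalised for marker in QUARANTINE_MARKERS)


def triage(report_text):
    """Split a report into live detections, quarantined detections and locked objects."""
    summary = {"live": [], "quarantined": [], "locked": [], "by_name": Counter()}
    for raw in report_text.splitlines():
        kind, path, name = classify_line(raw)
        if kind == "infected":
            summary["by_name"][name] += 1
            bucket = "quarantined" if in_quarantine(path) else "live"
            summary[bucket].append((path, name))
        elif kind == "locked":
            summary["locked"].append(path)
    return summary


def verdict(summary):
    """One-line conclusion of the kind drawn in the thread from such a report."""
    live, quarantined, locked = summary["live"], summary["quarantined"], summary["locked"]
    if live:
        names = ", ".join(f"{p} ({n})" for p, n in live)
        return f"{len(live)} live detection(s) still on disk: {names}"
    return (f"no live detections: {len(quarantined)} detection(s) are inside "
            f"backup/quarantine folders, {len(locked)} locked object(s) were "
            f"skipped (normal for hives, logs and AV state files)")


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(verdict(result))
    for path, name in result["quarantined"]:
        print("quarantined:", name, "->", path)
```

Run it against a full saved report and the verdict tells you whether anything is left outside a quarantine folder; with the made-up example.dll line removed from the sample, the script reaches the same "nothing live, everything is in the Deckard backup" conclusion the reply above draws from the real log.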
     
  12. 2008/06/29
    Earlgrey

    Earlgrey Inactive Thread Starter

    Joined:
    2008/06/24
    Messages:
    11
    Likes Received:
    0
    Great! The computer's running like new (which is good because it is...). :)

    Thanks a lot for all your help. I really appreciate you taking me through this.

    Anything else I need to do?
     
  13. 2008/06/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
