Virus Trojan Malware it's something PLEASE help! :(


Comments

  • edited November 2007
    Hi
    DO IT TWICE
  • edited November 2007
    What do you mean? I don't see where it says add attachment in the options
  • edited November 2007
    Hi
    not Post Quick Reply
    Go Advanced above ==> Fonts... Sizes.... Colors.... smilies "binder" is attachment
  • edited November 2007
    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-11-20 12:33:12
    Computer is in Normal Mode.


    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    88: 2007-11-20 20:33:32 UTC - RP574 - Deckard's System Scanner Restore Point
    87: 2007-11-19 19:41:10 UTC - RP573 - System Checkpoint
    86: 2007-11-15 11:00:57 UTC - RP572 - Software Distribution Service 3.0
    85: 2007-11-12 04:17:00 UTC - RP571 - System Checkpoint
    84: 2007-11-08 03:31:01 UTC - RP570 - ComboFix created restore point

    -- First Restore Point --
    1: 2007-08-10 00:30:18 UTC - RP487 - System Checkpoint

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Owner.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:36:15 PM, on 11/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    --
    End of file - 8409 bytes
    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\)
    backup-20071106-124858-679 O21 - SSODL: gbiwWZm - {18BF280B-B215-82A1-6490-EF0655F596D7} - (no file)
    backup-20071106-124858-899 O4 - HKLM\..\Run: [rkhftvpz] "C:\Program Files\Dlglejpn\rkhftvpz.exe"
    backup-20071106-124858-982 O2 - BHO: (no name) - {1443D5E6-F92E-DA36-0BBA-0744992443D0} - C:\Program Files\Qexwmyjw\tuvdreyc.dll (file missing)
    backup-20071109-123051-542 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
    -- File Associations
    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R0 SSFS041A (Spy Sweeper File System Filer Driver: 041A) - c:\windows\system32\drivers\ssfs041a.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    R0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    R0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
    R3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)
    S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
    S3 iteio - c:\windows\system32\drivers\iteio.sys
    S3 wg121 (NETGEAR WG121 802.11g Wireless USB2.0 Adapter) - c:\windows\system32\drivers\wg121nd5.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 ScsiAccess - c:\windows\system32\scsiaccess.exe
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
    R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
    S2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

    -- Device Manager: Disabled
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: nVidia WDM Video Capture (universal)
    Device ID: DISPLAY\NVCAP\5&27AC1A29&0&CA000002&01&00
    Manufacturer: nVidia
    Name: nVidia WDM Video Capture (universal)
    PNP Device ID: DISPLAY\NVCAP\5&27AC1A29&0&CA000002&01&00
    Service: nvcap
    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: ITE Virtual COM Port
    Device ID: ROOT\PORTS\0000
    Manufacturer: ITE
    Name: ITE Virtual COM Port (COM3)
    PNP Device ID: ROOT\PORTS\0000
    Service: Serial

    -- Files created between 2007-10-20 and 2007-11-20
    2007-11-11 21:14:58 0 d C:\WINDOWS\system32\ActiveScan
    2007-11-09 12:44:55 0 d C:\Documents and Settings\Owner\DoctorWeb
    2007-11-06 22:29:21 0 d C:\Program Files\iPod
    2007-11-06 22:29:14 0 d C:\Program Files\iTunes
    2007-11-06 22:26:33 0 d C:\Program Files\QuickTime
    2007-11-06 17:09:45 0 d C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-06 17:09:38 0 d C:\Program Files\SUPERAntiSpyware
    2007-11-06 17:09:37 0 d C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2007-11-05 13:03:28 0 d C:\Program Files\Trend Micro
    2007-11-03 08:12:29 81549 --a C:\WINDOWS\system32\drivers\klin.dat
    2007-11-03 08:12:29 82061 --a C:\WINDOWS\system32\drivers\klick.dat
    2007-11-03 08:11:34 0 d C:\Program Files\Kaspersky Lab
    2007-11-03 08:11:30 71456 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-03 08:11:30 13576224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-02 18:34:01 0 d C:\WINDOWS\ERUNT
    2007-11-02 18:28:13 0 d C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2007-11-02 18:07:25 0 d C:\Program Files\Avira
    2007-11-02 18:07:25 0 d C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-02 12:30:51 0 d C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-02 12:30:50 0 d C:\WINDOWS\system32\Kaspersky Lab
    2007-10-29 12:24:54 0 d C:\KAV
    2007-10-29 12:24:43 0 d C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-28 17:59:02 0 d C:\Documents and Settings\NetworkService\Application Data\Webroot
    2007-10-28 17:03:17 0 d C:\Program Files\Windows Sidebar
    2007-10-28 17:02:19 0 d C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-10-28 17:01:28 14848 --a C:\WINDOWS\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    2007-10-28 17:01:28 117248 --a C:\WINDOWS\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    2007-10-28 17:01:28 15360 --a C:\WINDOWS\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    2007-10-28 17:01:28 13824 --a C:\WINDOWS\system32\drivers\SSFS041A.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    2007-10-28 17:00:54 0 d C:\Documents and Settings\Owner\Application Data\Webroot
    2007-10-28 17:00:52 0 d C:\Program Files\Webroot
    2007-10-28 16:59:00 0 d C:\Documents and Settings\All Users\Application Data\Webroot
    2007-10-24 20:59:27 0 d C:\Program Files\iPhoneBrowser
    2007-10-23 02:01:42 0 d C:\Program Files\MSXML 6.0
    2007-10-23 00:41:53 0 d C:\Program Files\touchFree
    2007-10-22 18:38:57 0 d C:\Program Files\MSBuild
    2007-10-22 18:33:16 0 d C:\WINDOWS\system32\XPSViewer
    2007-10-22 18:32:10 0 d C:\Program Files\Reference Assemblies

    -- Find3M Report
    2007-11-12 22:08:29 0 d C:\Program Files\LimeWire
    2007-11-12 22:07:46 0 d C:\Program Files\Microsoft IntelliType Pro
    2007-11-12 21:22:42 0 d C:\Program Files\Ares
    2007-11-12 21:21:30 0 d C:\Program Files\AIM6
    2007-11-12 00:07:20 0 d C:\Program Files\Shareaza
    2007-11-06 00:06:29 0 d C:\Program Files\Common Files\Symantec Shared
    2007-10-28 17:01:07 0 d C:\Program Files\Common Files
    2007-10-21 21:45:12 50592 --a C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-12 23:09:29 0 d C:\Program Files\Common Files\MAGIX Shared
    2007-10-10 23:15:21 0 d C:\Program Files\iPhoneRingToneMaker
    2007-10-10 23:15:21 0 d C:\Documents and Settings\Owner\Application Data\iPhoneRingToneMaker
    2007-10-10 22:37:32 0 d C:\Program Files\Mightsoft
    2007-10-10 21:45:17 0 d C:\Documents and Settings\Owner\Application Data\Syntrillium
    2007-10-10 21:45:14 0 d C:\Program Files\coolpro2
    2007-10-01 18:31:15 0 d C:\Documents and Settings\Owner\Application Data\Apple Computer
    2007-10-01 15:48:01 0 d C:\Program Files\Apple Software Update
    2007-10-01 15:47:37 0 d C:\Program Files\Common Files\Apple

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 07:00 PM]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [12/04/2005 03:38 PM]
    "NvCplDaemon"="RUNDLL32.exe" [08/03/2004 11:56 PM C:\WINDOWS\system32\rundll32.exe]
    "POINTER"="point32.exe" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/17/2006 08:48 PM]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 11:51 AM]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07/07/2006 04:16 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/15/2007 04:14 PM]
    "Aim6"="" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    Mixer.exe /startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
    "C:\Program Files\Norton Internet Security\osCheck.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Valve\Steam\Steam.exe -silent
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe


    -- End of Deckard's System Scanner: finished at 2007-11-20 12:38:29
  • edited November 2007
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 2.60GHz
    Percentage of Memory in Use: 48%
    Physical Memory (total/avail): 1023.48 MiB / 530.17 MiB
    Pagefile Memory (total/avail): 2464.38 MiB / 2090.25 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1938.13 MiB
    A: is Removable (No Media)
    C: is Fixed (NTFS) - 172.29 GiB total, 42.58 GiB free.
    D: is Fixed (FAT32) - 14 GiB total, 1.92 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is Fixed (NTFS) - 93.13 GiB total, 8.7 GiB free.
    H: is Fixed (FAT32) - 18.65 GiB total, 0.72 GiB free.
    \\.\PHYSICALDRIVE0 - ST3120026A - 111.79 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 93.13 GiB - G:
    \PARTITION1 - Extended w/Extended Int 13 - 18.66 GiB - H:
    \\.\PHYSICALDRIVE1 - ST3200822A - 186.31 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 172.29 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 14.02 GiB - D:

    -- Security Center
    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.
    FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
    AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=EDWIN
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\EDWIN
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\DLLSHARED\;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\9.0\DLLSHARED\;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=EDWIN
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS

    -- User Profiles
    Owner (admin)

    -- Add/Remove Programs
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    --> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
    --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst
    Ares 1.9.0 --> "C:\Program Files\Ares\uninstall.exe"
    aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
    Audio Editor Pro 2.81 --> "C:\Program Files\Mightsoft\Audio Editor Pro\unins000.exe"
    C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
    CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
    CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DM9XInst --> c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ WinXP
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
    EPSON EIC CX5400 --> C:\Program Files\epson\epic\cx5400_e\uninstall.exe
    EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22901BB7-2C57-409E-AF2F-56FFFEA41116}\setup.exe" -l0x9 MyUninstall
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
    EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
    ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
    ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
    ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
    ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Image Converter .EXE 2.0.0.77 --> "C:\Program Files\Image Converter .EXE\unins000.exe"
    iPhoneBrowser --> MsiExec.exe /I{AD6F0759-EA94-490B-B40D-C0314D590AE1}
    iPhoneBrowser --> rundll32.exe dfshim.dll,ShArpMaintain iPhoneBrowser.application, Culture=neutral, PublicKeyToken=c37bff9de7e9d6d5, processorArchitecture=msil
    iPhoneRingToneMaker 1.3.2 --> "C:\Program Files\iPhoneRingToneMaker\unins000.exe"
    ITE Smart Accessories --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{596BDFE6-5C96-11D6-A1B0-0090CC0CE3C6}\Setup.exe" -l0x9
    iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
    Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_2227b6\Setup.exe /APR-REMOVE
    KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    LimeWire PRO 4.9.7 --> "C:\Program Files\LimeWire\uninstall.exe"
    Macromedia Flash Player 8 --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe
    MAGIX Ringtone Maker 2 silver (US) --> C:\MAGIX\Ringtone_Maker_2_silver\instslct.exe
    Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Premium --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
    Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
    NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
    OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
    PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
    PCI Audio Driver --> cmuninst.exe
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PS3 Video 9 1.94 --> C:\Program Files\Red Kawa\Video Converter\uninst.exe
    QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
    Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{70272964-C468-4C5F-8246-AA2CABA75941}
    ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
    SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
    Shareaza version 2.2.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
    SlimBrowser (remove only) --> "C:\Program Files\SlimBrowser\uninst.exe"
    SOYO HW Monitor --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SOYO\HW Monitor\Uninst.isu"
    Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam --> C:\Valve\Steam\UNWISE.EXE C:\Valve\Steam\INSTALL.LOG
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    touchFree 0.6 --> C:\Program Files\touchFree\uninst.exe
    Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
    VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    XML Paper Specification Shared Components Pack 1.0 -->
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

    -- Application Event Log
    Event Record #/Type5010 / Error
    Event Submitted/Written: 11/20/2007 00:28:24 PM
    Event ID/Source: 4112 / H+BEDV AntiVir
    Event Description:
    An error occurred during a resource request to the Windows NT system.
    The resource <INIT11> has not been allocated.
    This could be due to an out-of-memory error or any other system failure.
    Returned error code:
    Event Record #/Type4997 / Error
    Event Submitted/Written: 11/19/2007 07:16:06 PM
    Event ID/Source: 4112 / H+BEDV AntiVir
    Event Description:
    An error occurred during a resource request to the Windows NT system.
    The resource <INIT11> has not been allocated.
    This could be due to an out-of-memory error or any other system failure.
    Returned error code:
    Event Record #/Type4982 / Error
    Event Submitted/Written: 11/19/2007 06:53:29 PM
    Event ID/Source: 4112 / H+BEDV AntiVir
    Event Description:
    An error occurred during a resource request to the Windows NT system.
    The resource <INIT11> has not been allocated.
    This could be due to an out-of-memory error or any other system failure.
    Returned error code:
    Event Record #/Type4981 / Error
    Event Submitted/Written: 11/19/2007 06:49:12 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Event Record #/Type4980 / Error
    Event Submitted/Written: 11/19/2007 06:45:24 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    -- Security Event Log
    No Errors/Warnings found.

    -- System Event Log
    Event Record #/Type1354 / Warning
    Event Submitted/Written: 11/20/2007 00:09:04 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Event Record #/Type1353 / Warning
    Event Submitted/Written: 11/20/2007 08:55:51 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.
    Event Record #/Type1351 / Warning
    Event Submitted/Written: 11/20/2007 04:55:34 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Event Record #/Type1350 / Warning
    Event Submitted/Written: 11/20/2007 00:56:08 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Event Record #/Type1349 / Warning
    Event Submitted/Written: 11/19/2007 10:10:13 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    -- End of Deckard's System Scanner: finished at 2007-11-20 12:38:29
  • edited November 2007
    this is interesting only that panda log freezes the computer browser. the others work fine except for that one log. any ideas?
  • edited November 2007
    Hi SweepeR
    Your comp looks clean.
    Do you have problems?
    you can remove all tools we downloaded,


    I see Viewpoint installed.

    Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article.
    I suggest you remove the program now.


    Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm




    Update Java
    Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
  • edited November 2007
    the problem i am having is that the computer is running slow...i ran that scan (the one with the logs i just posted) and it seemed to have gone away "the slowness of the entire computer" but it lasted for about maybe 1 hr, that's it. i dunno why. it just responds to things slowly.
  • edited November 2007
    HI
    Computer and browser slowness are not always malware related. Poor performance can be the result of disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so regular maintenance is essential. Here are a few things you can do to improve speed and system performance:

    For browser problems, see "Its not always malware: How to fix the top 10 Internet Explorer issues" and "How and Why to Clear Your Cache". If you're having connectivity issues or errors such as Page cannot be displayed see "Repair/Reset Winsock settings" and "Troubleshooting Internet Connection Problems".

    Defrag your system. Disk fragmentation slows the overall performance of your system. When files are fragmented, the computer must search the hard disk when a file is opened. Disk Defragmenter consolidates fragmented files and folders on the hard disk so that each occupies a single space on the disk. This speeds up reading and writing to the disk. Read "The Importance of Disk Defragmentation" for instructions.

    Check for disk errors by running CHKDSK in "SAFE MODE" or from the Recovery Console. In the Check Disk dialog box, select the "Scan for and attempt recovery of bad sectors" check box, click "Start" and have it repair anything it finds. As you use your hard drive, it can develop bad sectors which slow down hard disk performance and make data writing difficult. Check Disk scans the hard drive and verifies the logical integrity of a file system by checking for system errors, lost clusters, lost chains, and bad sectors. When encountering logical inconsistencies in file system data, it will perform the necessary actions to repair the file system data.

    Check for damaged, altered or missing critical system files by running the System File Checker. If SFC discovers that a protected file has been damaged, altered or missing, it restores the correct version of the file from the cache folder. You must be logged on as an administrator or as a member of the Administrators group to run sfc and it may ask you to insert your XP Installation CD so have it available.

    Clean up your hard drive by removing unused programs and transferring old data, pictures, music files to a CD or an external hard drive. When you have moved/saved the files you want to keep, run Disk Cleanup and let it scan your system for files to remove. "Don’t clean out the Prefetch folder" - This is a common myth that will not improve performance.

    As an alternative to Disk Cleanup you can download and scan CCleaner.
    (Starting with v1.27.260, the standard build installs the Yahoo Toolbar as an option which is checkmarked by default during the installation. IF you do NOT want it, remove the checkmark when provided with the option OR download the toolbar-free Basic version instead.)

    Check for any unnecessary running services. If you have a typical installation, many services are configured as "automatic"; that is, they start automatically when the system starts or when the service is called for the first time. Use "Black Viper's Services Configuration hosted by MajorGeeks" to help fine tune this area.

    Check for any unnecessary applications loading at startup when Windows boots with MSConfig. Some startup programs are necessary so be careful what you disable. If you are unsure what any of the startup entries are or if they are safe to disable, then search one of the following Startup Databases:
    StartupList Index
    Startup Programs Database

    Note: MSConfig.exe is a troubleshooting utility used to diagnose system configuration issues. Although it works as a basic startup manager which allows you to enable/disable auto-start programs, msconfig should not be used routinely to disable startup programs.

    A better alternative is to use a startup manager. If you have Spybot S&D 1.4 installed, launch it, go to Mode and select Advanced. Then go to Tools, select System Startups. You will be provided with a list of programs that load when Windows starts. If you untick an entry it will no longer run at startup. This will allow you to experiment and see how your system performs with any of them disabled. Other startup managers you can download and use for free are Startup Control Panel, Autoruns and Starter by CodeStuff.

    Remove any third party "Memory Manager" or "Optimizer". Windows XP memory management was designed to make the best use of RAM and these memory management utilities defeat that purpose. They push applications out of RAM into the pagefile, creating holes in the RAM and by doing so, slow down your computer.

    Disable some visual effects. While visual embellishments may be attractive, they don’t do anything else for you. Disabling some of them frees up system resources and makes the operating system perform better. Right click My Computer, choose > Properties > Advanced, click on "Settings" under performance... UNcheck all the visual effects, except for the last three. Click "Apply", then "OK", then "OK" again. Then right click your desktop and choose > Properties > Appearance > "Effects..." Uncheck the first two boxes and hit "OK".

    Adding more RAM is a quick solution that can have a dramatic effect on your system's speed and responsiveness. You can check how much RAM you have by going to Start > Program Files > Accessories > System Tools > System Information and look at your System Summary. For more info see "Understanding, Identifying and Upgrading the RAM in your PC".

    For more suggestions and performance tips read:
    "Restore Your Computer's Performance with Windows XP"
    "XP Performance Tweaks"
    "Performance Boost for XP"

    When you are all done be sure to Create a new Restore Point to enable your computer to "roll-back" to a clean working state keeping all the changes you just made.
  • edited November 2007
    ok i was trying to do the one that asks for the original XP cd and it popped up and when i put the CD in it asked for the XP Prof CD (which was already in) so i tried again and it said the same thing. for some reason it keeps asking me for the Prof when that is the one i am putting into the computer.

    2nd. I doubt its the memory b/c this was never an issue until the Virus/crash in which u helped me with to fix. it goes away during scans cleans and such but once its done it comes back within a few min.
  • edited November 2007
    Hi
    1. Download combofix from one of these links:
    Link1
    Link2
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall



    Run Kaspersky Online Scan. In order to use it you have to use Internet Explorer.
    • Go here to run an online scanner from Kaspersky.
    • Click on "Kaspersky Online Scanner"
    • A new smaller window will pop up. Press on "Accept" after reading the contents.
    • Now Kaspersky will update the anti-virus database. Let it run.
    • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
    • Then click on "My Computer", and the scan will start.
    • Once finished, save the log as "KAV.txt" to the desktop.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.



    Post the contents of the kaspersky scan report,
    combofix.txt
  • edited November 2007
    hey i was thinking do u think it might have anything to do with all the diff spyware and virus programs running at once? i mean there's spy sweeper, kaspersky, that other SUPERAntiSpyware and so forth.
  • edited November 2007
    ComboFix 07-11-19.3 - Owner 2007-11-22 12:48:17.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.177 [GMT -8:00]
    Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8FM1QPAR\ComboFix[1].exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
    .
    2007-11-22 03:15 230 --a
    C:\WINDOWS\system32\spupdsvc.inf
    2007-11-20 12:22 <DIR> d
    C:\Deckard
    2007-11-11 21:37 0 --a
    C:\WINDOWS\system32\asfiles.txt
    2007-11-11 21:15 30,590 --a
    C:\WINDOWS\system32\pavas.ico
    2007-11-11 21:15 2,550 --a
    C:\WINDOWS\system32\Uninstall.ico
    2007-11-11 21:15 1,406 --a
    C:\WINDOWS\system32\Help.ico
    2007-11-09 12:44 <DIR> d
    C:\Documents and Settings\Owner\DoctorWeb
    2007-11-06 22:29 <DIR> d
    C:\Program Files\iTunes
    2007-11-06 22:29 <DIR> d
    C:\Program Files\iPod
    2007-11-06 22:26 <DIR> d
    C:\Program Files\QuickTime
    2007-11-06 17:09 <DIR> d
    C:\Program Files\SUPERAntiSpyware
    2007-11-06 17:09 <DIR> d
    C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2007-11-06 17:09 <DIR> d
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-05 13:03 <DIR> d
    C:\Program Files\Trend Micro
    2007-11-03 08:12 82,061 --a
    C:\WINDOWS\system32\drivers\klick.dat
    2007-11-03 08:12 81,549 --a
    C:\WINDOWS\system32\drivers\klin.dat
    2007-11-03 08:11 <DIR> d
    C:\Program Files\Kaspersky Lab
    2007-11-03 08:11 14,004,512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-03 08:11 191,804 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-03 08:11 89,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-03 08:11 10,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-11-02 18:34 <DIR> d
    C:\WINDOWS\ERUNT
    2007-11-02 18:28 <DIR> d
    C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2007-11-02 18:07 <DIR> d
    C:\Program Files\Avira
    2007-11-02 18:07 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-02 12:30 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-29 12:24 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-29 12:24 <DIR> d
    C:\KAV
    2007-10-28 17:59 <DIR> d
    C:\Documents and Settings\NetworkService\Application Data\Webroot
    2007-10-28 17:03 <DIR> d
    C:\Program Files\Windows Sidebar
    2007-10-28 17:02 <DIR> d
    C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-10-28 17:01 117,248 --a
    C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-10-28 17:01 15,360 --a
    C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-10-28 17:01 14,848 --a
    C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-10-28 17:01 13,824 --a
    C:\WINDOWS\system32\drivers\SSFS041A.sys
    2007-10-28 17:00 <DIR> d
    C:\Program Files\Webroot
    2007-10-28 17:00 <DIR> d
    C:\Documents and Settings\Owner\Application Data\Webroot
    2007-10-28 16:59 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Webroot
    2007-10-28 16:55 10,652 --a
    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-28 16:55 806 --a
    C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-28 16:26 8,192 --a
    C:\WINDOWS\system32\drivers\changer.sys
    2007-10-24 20:59 <DIR> d
    C:\Program Files\iPhoneBrowser
    2007-10-23 02:01 <DIR> d
    C:\Program Files\MSXML 6.0
    2007-10-23 00:41 <DIR> d
    C:\Program Files\touchFree
    2007-10-22 18:38 <DIR> d
    C:\Program Files\MSBuild
    2007-10-22 18:32 <DIR> d
    C:\Program Files\Reference Assemblies
    2007-10-22 18:31 14,048
    C:\WINDOWS\system32\spmsg2.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 06:08
    d
    w C:\Program Files\LimeWire
    2007-11-13 06:07
    d
    w C:\Program Files\Microsoft IntelliType Pro
    2007-11-13 05:22
    d
    w C:\Program Files\Ares
    2007-11-13 05:21
    d
    w C:\Program Files\AIM6
    2007-11-12 08:07
    d
    w C:\Program Files\Shareaza
    2007-11-06 08:06
    d
    w C:\Program Files\Common Files\Symantec Shared
    2007-11-03 16:29 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-31 22:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-10-29 00:27 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2007-10-24 05:22
    d
    w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-10-24 05:19
    d
    w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-10-22 05:45 50,592 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-13 07:09
    d
    w C:\Program Files\Common Files\MAGIX Shared
    2007-10-11 07:15
    d
    w C:\Program Files\iPhoneRingToneMaker
    2007-10-11 07:15
    d
    w C:\Documents and Settings\Owner\Application Data\iPhoneRingToneMaker
    2007-10-11 06:37
    d
    w C:\Program Files\Mightsoft
    2007-10-11 06:37
    d
    w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-11 05:45
    d
    w C:\Program Files\coolpro2
    2007-10-11 05:45
    d
    w C:\Documents and Settings\Owner\Application Data\Syntrillium
    2007-10-02 02:31
    d
    w C:\Documents and Settings\Owner\Application Data\Apple Computer
    2007-10-01 23:49
    d
    w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-01 23:48
    d
    w C:\Program Files\Apple Software Update
    2007-10-01 23:47
    d
    w C:\Program Files\Common Files\Apple
    2007-10-01 23:47
    d
    w C:\Documents and Settings\All Users\Application Data\Apple
    2001-11-23 03:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .
    ((((((((((((((((((((((((((((( snapshot@2007-11-02_20.42.44.90 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-30 01:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
    + 2007-11-09 00:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
    + 2006-09-07 01:43:16 213,216 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
    + 2007-11-07 05:49:14 10,134 ----a-r C:\WINDOWS\Installer\{AD6F0759-EA94-490B-B40D-C0314D590AE1}\_82D9C6E45CC198D2FA538F.exe
    + 2007-11-07 05:49:14 10,134 ----a-r C:\WINDOWS\Installer\{AD6F0759-EA94-490B-B40D-C0314D590AE1}\_F7FD726E6EFC95AC689DC5.exe
    + 2007-11-07 03:51:44 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-11-07 03:51:44 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-11-07 03:51:44 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2007-11-07 06:29:49 102,400 ----a-r C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe
    + 2006-06-03 11:40:49 33,792
    w C:\WINDOWS\network diagnostic\custsat.dll
    + 2006-10-10 12:44:50 557,568
    w C:\WINDOWS\network diagnostic\xpnetdiag.exe
    - 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    + 2007-06-17 08:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    + 2007-03-29 17:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
    + 2006-10-06 00:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
    + 2005-06-03 22:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
    + 2003-08-01 19:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
    + 2005-05-20 21:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
    + 2006-02-17 02:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
    + 2005-10-26 02:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
    + 2004-05-04 23:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
    + 2006-07-14 21:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
    + 2006-04-10 18:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
    + 2006-02-14 21:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
    + 2006-02-17 02:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
    + 2006-10-06 00:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
    + 2006-06-30 22:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
    + 2004-02-04 22:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
    + 2006-08-01 21:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
    + 2006-08-23 21:06:08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
    + 2006-08-17 19:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
    + 2006-09-04 19:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
    + 2006-08-18 16:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
    + 2007-03-26 22:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
    + 2006-08-09 18:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
    + 2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
    + 2006-01-21 00:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
    + 2006-05-17 17:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
    + 2006-08-16 18:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
    + 2006-06-30 22:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
    + 2006-08-17 22:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
    + 2006-08-08 21:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
    + 2006-08-18 16:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
    + 2006-08-18 16:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
    + 2007-04-19 01:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
    + 2007-01-22 22:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
    + 1997-09-18 14:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
    + 2006-03-01 01:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
    + 2006-08-02 20:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
    - 2007-11-03 02:26:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-03 16:20:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-11-03 02:26:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-11-03 16:20:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-11-03 02:26:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-03 16:21:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-08-04 07:56:41 1,852,416 -c--a-w C:\WINDOWS\system32\dllcache\acgenral.dll
    + 2004-08-04 07:56:41 450,048 -c--a-w C:\WINDOWS\system32\dllcache\aclayers.dll
    + 2004-08-04 07:56:41 244,736 -c--a-w C:\WINDOWS\system32\dllcache\acspecfc.dll
    + 2004-08-04 07:56:41 116,224 -c--a-w C:\WINDOWS\system32\dllcache\acxtrnal.dll
    + 2004-08-04 07:56:41 20,540 -c--a-w C:\WINDOWS\system32\dllcache\admin.dll
    + 2004-08-04 07:56:47 16,439 -c--a-w C:\WINDOWS\system32\dllcache\admin.exe
    + 2004-08-04 07:56:41 43,520 -c--a-w C:\WINDOWS\system32\dllcache\admwprox.dll
    + 2004-08-04 07:56:41 290,816 -c--a-w C:\WINDOWS\system32\dllcache\adsiis51.dll
    + 2004-08-04 07:56:47 98,304 -c--a-w C:\WINDOWS\system32\dllcache\ahui.exe
    + 2004-08-04 07:56:41 126,976 -c--a-w C:\WINDOWS\system32\dllcache\apphelp.dll
    + 2004-08-04 07:56:41 65,024 -c--a-w C:\WINDOWS\system32\dllcache\asycfilt.dll
    + 2004-08-04 07:56:41 30,208 -c--a-w C:\WINDOWS\system32\dllcache\atmlib.dll
    + 2004-08-04 07:56:41 20,540 -c--a-w C:\WINDOWS\system32\dllcache\author.dll
    + 2004-08-04 07:56:47 16,439 -c--a-w C:\WINDOWS\system32\dllcache\author.exe
    - 2004-09-23 01:45:40 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    + 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    - 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-04-28 23:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    + 2007-06-28 00:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    + 2007-04-04 21:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
    + 2007-06-28 19:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
    + 2007-10-31 22:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
    + 2006-06-29 16:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
    + 2007-08-14 02:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    - 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    - 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2007-06-28 19:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
    - 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2006-06-29 01:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
    + 2006-06-29 16:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
    - 2007-10-23 02:39:34 66,608 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-22 20:39:19 66,608 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-10-23 02:39:34 428,208 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-22 20:39:19 428,208 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2007-07-23 01:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    - 2004-08-04 07:56:46 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    + 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    + 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
    - 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2003-03-26 02:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
    "Aim6"="" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 19:00]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 15:38]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
    "POINTER"="point32.exe" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 20:48]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-07-07 16:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    C:\WINDOWS\system32\klogon.dll 2007-06-28 11:51 206088 C:\WINDOWS\system32\klogon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-06 22:46 57344 --a C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    Mixer.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-11-02 18:36 267048 --a C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 15:40 155648 --a C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
    C:\Program Files\Norton Internet Security\osCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-12-08 16:35 32768 --a C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2006-10-27 08:41 221184 --a C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Valve\Steam\Steam.exe -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 12:03 36975 --a C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2007-02-13 10:29 35328 --a C:\Program Files\Winamp\winampa.exe
    R0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;C:\WINDOWS\system32\Drivers\SSFS041A.SYS
    R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
    R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
    S3 iteio;iteio;\??\C:\WINDOWS\system32\drivers\iteio.sys
    S3 itsernum;itsernum Filter ÅX°Êµ{¦¡;C:\WINDOWS\system32\DRIVERS\itsernum.sys
    S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
    S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys
    .
    **************************************************************************
    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-22 13:02:04
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2007-11-22 13:04:17
    C:\ComboFix2.txt ... 2007-11-07 19:46
    C:\ComboFix3.txt ... 2007-11-06 13:21
    .
    --- E O F ---
  • edited November 2007
    found 6 viruses and 20 infected objects....

    KASPERSKY ONLINE SCANNER REPORT
    Thursday, November 22, 2007 7:41:59 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 23/11/2007
    Kaspersky Anti-Virus database records: 464312
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    Scan Statistics:
    Total number of scanned objects: 219232
    Number of viruses found: 6
    Number of infected objects: 20
    Number of suspicious objects: 0
    Duration of the scan process: 04:03:42
    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0459_AdBlocker_eventcritlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0459_AdBlocker_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\045a_popupchk_eventcritlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\045a_popupchk_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\045b_PrivacyControl_eventcritlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\045b_PrivacyControl_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\045e_File_Monitoring_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0460_Web_Monitoring_eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\acccore\nss\cert8.db Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\acccore\nss\key3.db Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-61c54a92.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-61c54a92.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-5ae41626.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-5ae41626.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-7950390c.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-7950390c.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-3d89d9cd.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-3d89d9cd.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-6cd81f29.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-6cd81f29.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\071119202928.ses Object is locked skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\streetsweeper74\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{DCD2C82B-F6E4-4673-AA21-B342DF23FA41}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{DCD2C82B-F6E4-4673-AA21-B342DF23FA41}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0152681.exe Infected: Trojan.Win32.Agent.crf skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0152682.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0152693.exe Infected: not-virus:Hoax.Win32.Renos.rs skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0152712.exe Infected: not-virus:Hoax.Win32.Renos.rs skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0157666.exe:exe.exe:$DATA Infected: Trojan.Win32.Obfuscated.ka skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0157666.exe:ext.exe:$DATA Infected: Trojan.Win32.Obfuscated.jv skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0157845.exe Infected: not-virus:Hoax.Win32.Renos.rs skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0157872.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0157873.exe Infected: Trojan.Win32.Agent.crf skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP562\A0157875.exe Infected: not-virus:Hoax.Win32.Renos.rs skipped
    C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP592\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TEMP\JET4FFA.tmp Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP592\change.log Object is locked skipped
    G:\Ares Downloads\___ARESTRA___01 boyz.mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___01-paramore-misery_business(3).mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___03 hard fi - once upon a time in the west - tonight.mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___21-hot_dollar-streetz_on_lock_(feat _rick_ross_and_gucci_mane).mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___angles & airwaves - everything's magic.mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___finger eleven - paralyzer(57)(2).mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___hatethatiloveyou-kevipodmusic[1] blogspot com(2).mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___jennifer_lopez_ft_ludacris-do_it_well_(official_remix).mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___korn - evolution(2).mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___korn- evolution (studio rip).mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___korn-evolution.mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___korn_-_evolution.mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___rick ross - speedin feat r kelly.mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___she wants revenge - this is forever.mp3 Object is locked skipped
    G:\Ares Downloads\___ARESTRA___she wants revenge - written in blood(2).mp3 Object is locked skipped
    G:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    G:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP592\change.log Object is locked skipped
    G:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
    G:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
    G:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll.000 Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
    G:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    Scan process completed.
  • edited November 2007
    Hi SweepeR
    Well those scans certainly came up clean. I don't believe your issue is Malware related.
    It's possible that there are simply too many programs running at once.
    found 6 viruses and 20 infected objects....
    10 C:\System Volume Information
    10 in your Java cache

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
    Additional information on the safety of Peer to Peer programs themselves is here:
    Clean/Infected P2P Programs



    There's some malware in your Java cache so let's clear it.
    • Press Start
    • Go to Control Panel
    • Click Java
    • Under Temporary Internet Files click Settings...
    • Now click Delete files...
    • Select both options and click OK
    • The temporary files will now be deleted.
    • When done click OK twice and close Control Panel


    This is a good time to clear your existing system restore points and establish a new clean restore point:

    Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm
    ==========================================================================================================================
  • edited November 2007
    how can i uninstall antivirus personal edition? has no option and under control panel add remove it doesn't come up.
  • edited November 2007
    which is better superanti spyware or spy sweepeR? ima prob remove one of em along with that anti virus personal edition if i find a way.
  • edited November 2007
    Hi
    You can download some tools from this site at AVIRA to help you out:

    link
    which is better superanti spyware or spy sweepeR?
    superantispyware...........my stand
  • edited November 2007

    Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

    If you are not the user who started this thread, you must start a new Thread instead :)

    Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here