I have ongoing adware virus activity on my PC after I have removed Virtumonde using Spybot-S&D. I have read and followed your "Before You Post" document. I have run Kaspersky and HJT scans and the logs are below. Please assist yet another victim of the Virtumonde.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:07 PM, on 5/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2std.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9907 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 7:13:19 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812078
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 89893
Number of viruses found: 4
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 00:41:15

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{2C164906-E68F-462A-9010-70DD022223EF}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{9518F764-C54D-47B2-9E73-154B21E79FD2}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B9B9863A-32FD-4133-ADB7-46244ED77694}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{DE286975-ACF1-45B8-9EF7-34E162B2C817}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}\Setup.ilg Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbfb3a0a20b8daad5ddfe850309a2758_789de25b-be5d-46b0-b6ee-77ef0e0a8162 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_789de25b-be5d-46b0-b6ee-77ef0e0a8162 Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog00.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog01.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog02.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog03.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog04.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog05.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog06.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog07.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Derek.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Russell.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\1280377A\2AB9919B\App.ico Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\16E96B81\D122F2F2\Microsoft.mshtml.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\1C1F87FE\D122F2F2\log4net.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\1F6FC04D\2CE1328F\policy.1.0.MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\238AD7FB\2CE1328F\policy.1.0.WindowsMediaFormat.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2503188D\2CE1328F\policy.1.0.MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\29E5B010\2CE1328F\policy.1.0.MediaManager.Platforms.Viiv.Framework.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2BD84DFE\2CE1328F\policy.3.5.MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2E832D7F\D122F2F2\SHDocVw.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2EFD349B\2AB9919B\License.rtf Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\3B7E8D3A\2AB9919B\Popup.wav Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\45646D5A\DCCD58AC\MediaManager.Service.exe Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\4AFF6640\7B3515C7\Interop.CMMS.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\4CEBBB84\D122F2F2\AxInterop.WMPLib.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\5F332148\F2930322\WMP_Upgrade.wma Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\5F8C991B\3C66D2F6\MediaManager.resources Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\64E5A4E4\2CE1328F\policy.3.5.MediaManager.Platforms.Viiv.Framework.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\7132B421\D122F2F2\wmppia.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\73031766\2CE1328F\policy.3.5.WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\764EC703\F2930322\AxSHDocVw.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\7849FE98\C85D87C4\MediaManager.ActiveX.Sniffer.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\786E6DAD\2CE1328F\policy.3.0.WindowsMediaFormat.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\84CA1B5F\2AB9919B\readme.rtf Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\853EC73C\F2930322\MediaManager.exe.config Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\85D3DD96\2AB9919B\Help.chm Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\88CF50D0\D122F2F2\Interop.WMPLib.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\8A099DC5\2CE1328F\policy.3.5.MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\8B3B523\F2930322\UserInterface.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\921F110F\D4A1F967\Deregister.exe Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\926B4195\2CE1328F\policy.3.0.MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\9978D476\2CE1328F\policy.3.5.MediaManager.Core.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A09F98A7\2CE1328F\policy.1.0.WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A3021C3F\2AB9919B\Logger.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A35C03FE\2CE1328F\policy.3.5.WindowsMediaFormat.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A9A3E40A\2CE1328F\policy.3.0.MediaManager.Platforms.Viiv.Framework.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\AE8319A8\51091F58\MediaManager.Platforms.Viiv.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\AFF0C643\5AD6617F\Interop.IntelDH.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\B14F658A\2AB9919B\Release.txt Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\BAFFDC79\6AF9272B\MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\C327E189\22CC3605\WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\C64E75E1\F2930322\Configuration.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\C898ABE2\D122F2F2\Interop.MSNETOBJLib.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\CD779512\2181DEFC\MediaManager.ActiveX.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\D57066F6\2CE1328F\policy.3.0.WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\D642EBE0\3E656A07\MediaManager.Platforms.Viiv.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\DD7AB08D\F2930322\MediaManager.exe Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E08EF901\5AD6617F\Interop.CMMS.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E0ED4B67\7B3515C7\Interop.IntelDH.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E14B4D3E\3057B55F\MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E471124F\2CE1328F\policy.3.0.MediaManager.Core.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E6D8F098\2CE1328F\policy.1.0.MediaManager.Core.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\F7454224\2CE1328F\policy.3.0.MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\FA485697\2AB9919B\Configuration.xml.encrypted Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{91d7b65d-0574-11dd-9a0a-001bfc387327}.TM.blf Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{91d7b65d-0574-11dd-9a0a-001bfc387327}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{91d7b65d-0574-11dd-9a0a-001bfc387327}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows Defender\FileTracker\{687B9D18-84EB-4EDE-AE15-CDAA4368B24B} Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\Low\~DFEC02.tmp Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\Low\~DFEC5E.tmp Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\~DFC03.tmp Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\~DFC6F.tmp Object is locked skipped
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Admin\NTUSER.DAT Object is locked skipped
C:\Users\Admin\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Admin\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\bgpgtdgh.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\bsqmojhr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\fpbectyw.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\hddimqkn.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\jcovvnmw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.szt skipped
C:\Users\Derek\AppData\Local\Temp\kbpfjmmi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.szt skipped
C:\Users\Derek\AppData\Local\Temp\kgivljkk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.szj skipped
C:\Users\Derek\AppData\Local\Temp\qwqcuvnj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.szj skipped
C:\Users\Derek\AppData\Local\Temp\wmplog00.sqm Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\wmplog01.sqm Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\wmplog02.sqm Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\wmplog03.sqm Object is locked skipped
C:\Users\Derek\Shared\Andrea Bocelli - A Night in Tuscany DivX by.avi Infected: Trojan-Downloader.WMA.GetCodec.b skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_471491471_1507328_93916 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_471491471_786432_93924 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE1747.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE1851.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{7DB76741-C07B-4EC1-94CC-93592DCF07CE}.TmpSBE Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{9180B563-1061-4217-BEE3-DCF69D51EA43}.TmpSBE Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{B39CEF9F-7771-4EE2-A3A4-D9F2EB4EA1C2}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.3.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.4.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\MediaManagerServiceEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Derek.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\fwtsqmfile00.sqm Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.

*************************************

Thank You
Derek

Hello Derek, welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Many of the tools we use will not run on Vista and I am still learning how to clean this Operating System. I can
make no promises because of this other than I am willing to do my best
to help. If that works for you and you still need the help, start like this.

I would like to help you and I will do what I can, but you are running System Configuration Utility (MSConfig) in Selective Startup and what I see in the Kaspersky Online Scan (KOS) I can not see in the HJT log. Return to normal mode and create a HJT log, then post it. You should not have to reboot and can return to SS at that point.

Let's see if we can use the Kaspersky Online Scan (KOS) to clean the infection.

Navigate to that Temp folder and delete the files in red
C:\Users\Derek\AppData\Local\Temp\ <<< here


C:\Users\Derek\AppData\Local\Temp\bgpgtdgh.dll ------> Trojan.Win32.Monder.gen
C:\Users\Derek\AppData\Local\Temp\bsqmojhr.dll ------> Trojan.Win32.Monder.gen
C:\Users\Derek\AppData\Local\Temp\fpbectyw.dll ------> Trojan.Win32.Monder.gen
C:\Users\Derek\AppData\Local\Temp\hddimqkn.dll ------> Trojan.Win32.Monder.gen
C:\Users\Derek\AppData\Local\Temp\jcovvnmw.dll ------> AdWare.Win32.Virtumonde.szt skipped
C:\Users\Derek\AppData\Local\Temp\kbpfjmmi.dll ------> AdWare.Win32.Virtumonde.szt skipped
C:\Users\Derek\AppData\Local\Temp\kgivljkk.dll ------> AdWare.Win32.Virtumonde.szj skipped
C:\Users\Derek\AppData\Local\Temp\qwqcuvnj.dll ------> AdWare.Win32.Virtumonde.szj skipped

(delete this infected music file)
C:\Users\Derek\Shared\Andrea Bocelli - A Night in Tuscany DivX by.avi ------> Trojan-Downloader.WMA.GetCodec.b

I want you to understand it is likely downloading that Codec is the reason for your problems, see this.
http://forums.spybot.info/showthread.php?t=7344

If that works, run and post a new KOS and a new HJT log with MSConfig in normal mode. We will see how you did.

Thanks...Phil

Phil,

Thanks you for your reply. I have moved back to normal mode (I think), deleted the 8 .dll files but was unable to remove the .avi file cause I could not locate it in the directory indicated.

I have re-run the KOS and HJT scans and the results are below. Looking forward to your reply.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 09, 2008 7:41:38 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/06/2008
Kaspersky Anti-Virus database records: 841667
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 104150
Number of viruses found: 2
Number of infected objects: 128
Number of suspicious objects: 0
Duration of the scan process: 00:47:35

Infected Object Name / Virus Name / Last Action
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{2C164906-E68F-462A-9010-70DD022223EF}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{9518F764-C54D-47B2-9E73-154B21E79FD2}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B9B9863A-32FD-4133-ADB7-46244ED77694}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{DE286975-ACF1-45B8-9EF7-34E162B2C817}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}\Setup.ilg Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-06-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbfb3a0a20b8daad5ddfe850309a2758_789de25b-be5d-46b0-b6ee-77ef0e0a8162 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_789de25b-be5d-46b0-b6ee-77ef0e0a8162 Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog00.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog01.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog02.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog03.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog04.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog05.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog06.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog07.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Derek.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Russell.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\1280377A\2AB9919B\App.ico Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\16E96B81\D122F2F2\Microsoft.mshtml.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\1C1F87FE\D122F2F2\log4net.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\1F6FC04D\2CE1328F\policy.1.0.MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\238AD7FB\2CE1328F\policy.1.0.WindowsMediaFormat.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2503188D\2CE1328F\policy.1.0.MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\29E5B010\2CE1328F\policy.1.0.MediaManager.Platforms.Viiv.Framework.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2BD84DFE\2CE1328F\policy.3.5.MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2E832D7F\D122F2F2\SHDocVw.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\2EFD349B\2AB9919B\License.rtf Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\3B7E8D3A\2AB9919B\Popup.wav Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\45646D5A\DCCD58AC\MediaManager.Service.exe Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\4AFF6640\7B3515C7\Interop.CMMS.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\4CEBBB84\D122F2F2\AxInterop.WMPLib.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\5F332148\F2930322\WMP_Upgrade.wma Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\5F8C991B\3C66D2F6\MediaManager.resources Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\64E5A4E4\2CE1328F\policy.3.5.MediaManager.Platforms.Viiv.Framework.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\7132B421\D122F2F2\wmppia.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\73031766\2CE1328F\policy.3.5.WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\764EC703\F2930322\AxSHDocVw.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\7849FE98\C85D87C4\MediaManager.ActiveX.Sniffer.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\786E6DAD\2CE1328F\policy.3.0.WindowsMediaFormat.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\84CA1B5F\2AB9919B\readme.rtf Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\853EC73C\F2930322\MediaManager.exe.config Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\85D3DD96\2AB9919B\Help.chm Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\88CF50D0\D122F2F2\Interop.WMPLib.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\8A099DC5\2CE1328F\policy.3.5.MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\8B3B523\F2930322\UserInterface.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\921F110F\D4A1F967\Deregister.exe Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\926B4195\2CE1328F\policy.3.0.MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\9978D476\2CE1328F\policy.3.5.MediaManager.Core.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A09F98A7\2CE1328F\policy.1.0.WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A3021C3F\2AB9919B\Logger.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A35C03FE\2CE1328F\policy.3.5.WindowsMediaFormat.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\A9A3E40A\2CE1328F\policy.3.0.MediaManager.Platforms.Viiv.Framework.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\AE8319A8\51091F58\MediaManager.Platforms.Viiv.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\AFF0C643\5AD6617F\Interop.IntelDH.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\B14F658A\2AB9919B\Release.txt Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\BAFFDC79\6AF9272B\MediaManager.Core.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\C327E189\22CC3605\WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\C64E75E1\F2930322\Configuration.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\C898ABE2\D122F2F2\Interop.MSNETOBJLib.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\CD779512\2181DEFC\MediaManager.ActiveX.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\D57066F6\2CE1328F\policy.3.0.WindowsMediaFormat.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\D642EBE0\3E656A07\MediaManager.Platforms.Viiv.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\DD7AB08D\F2930322\MediaManager.exe Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E08EF901\5AD6617F\Interop.CMMS.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E0ED4B67\7B3515C7\Interop.IntelDH.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E14B4D3E\3057B55F\MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E471124F\2CE1328F\policy.3.0.MediaManager.Core.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\E6D8F098\2CE1328F\policy.1.0.MediaManager.Core.xml Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\F7454224\2CE1328F\policy.3.0.MediaManager.Platforms.Viiv.Framework.dll Object is locked skipped
C:\ProgramData\{B0B64EEB-1DEA-4E4C-B465-C90BBF9E8EE5}\offline\FA485697\2AB9919B\Configuration.xml.encrypted Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008060920080610\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{91d7b65d-0574-11dd-9a0a-001bfc387327}.TM.blf Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{91d7b65d-0574-11dd-9a0a-001bfc387327}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{91d7b65d-0574-11dd-9a0a-001bfc387327}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows Defender\FileTracker\{E84B102D-2D46-4333-90C4-D30A14ECC8D0} Object is locked skipped
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\Low\~DFCEB4.tmp Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\Low\~DFCEEF.tmp Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\~DF3EF8.tmp Object is locked skipped
C:\Users\Admin\AppData\Local\Temp\~DF4290.tmp Object is locked skipped
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Admin\NTUSER.DAT Object is locked skipped
C:\Users\Admin\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Admin\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DIGKM24\kb516107[1] Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33CLOJPR\kb456456[1] Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33CLOJPR\kb514355[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33CLOJPR\kb514355[2] Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CERH37EH\kb456456[1] Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VU12X51P\kb456456[1] Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VU12X51P\kb516107[1] Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\amwadjsk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\aubcnuvs.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\awtQJaXO.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\bchkrqtn.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\bhvyvyam.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\bilyehls.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\bnpdflrx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\bxrmytqt.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\byekmgvc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ccviaasp.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ccyuioln.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ciiutrve.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\cpmcpjtd.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\dorwmcmr.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\dsmsiquf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\dxbwxhpr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\dxfupfcg.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ehwjqxji.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\esddmeqd.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\fadbfcer.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\fafwipaq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\fbbfcgfa.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\fmguxkoc.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ftburuja.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\fxyukiem.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\gcqtqgoy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\gebYstSk.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\gjxwbwbe.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\gtebnaja.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\hvkoesln.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ialulasm.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ifmciend.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\irmcsjte.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\jkkLCvuV.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\jqdijpal.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\kfiwpdyt.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\kkaijycg.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\lhkmborg.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\lltcudfm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\lnqvdfyx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\Low\~DFB6AF.tmp Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\Low\~DFB775.tmp Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\lruoqlwa.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\mlwubska.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ngaehqbl.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ngfwxxnt.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\niusohru.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\npfiixml.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\oewhhxam.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\opnnkIaw.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ownfumqt.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\pdnxxfhm.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\pqcchccy.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\pqlsonod.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\pweabwhs.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\qfkgrxdy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\qflaqywy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\qkfmmfos.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\qomeyycb.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\qvabrgrb.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\rduibuei.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\rkmaojwy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\rkscmuud.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\rmrbhmjt.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\rpubfcve.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\rtjqlhum.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\rvqmtxld.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\semblftc.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\sfsqonsx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\sihjoikj.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\sjiaurkr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\tcckguyi.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\tcvrtebo.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\tlwgleya.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0000de4d Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0000e011 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0000e445 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0000e9f0 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp00013542 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp000136c8 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0001451a Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0001476b Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp00016b8e Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0001f278 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp00050ece Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0005313c Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp000b90aa Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp00159e13 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp006bec24 Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tmp0363514c Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\tocxtkbo.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\toebcwqh.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\tqtndgiv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\uagdqusv.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ueplscii.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\vhficqxn.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\vtyeuroc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\wedfiqoq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\wmplog00.sqm Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\wmplog01.sqm Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\wmplog02.sqm Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\wmplog03.sqm Object is locked skipped
C:\Users\Derek\AppData\Local\Temp\xcterlsp.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ybjqknbb.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ygewpiet.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ykiiffuf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ymeidawd.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ymmyssge.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Local\Temp\ynbskldn.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\ypymjoqn.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\yqdnafue.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\Users\Derek\AppData\Local\Temp\~DF9151.tmp Object is locked skipped
C:\Users\Derek\AppData\Roaming\__c001583E.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c0051DC.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00640A4.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c0066378.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c006BCB6.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c0076629.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c0086508.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c0095264.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00A0BC8.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00A51E1.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00AA3E4.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00AC867.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00AE89E.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00B599E.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00EDA4.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Derek\AppData\Roaming\__c00F7E6A.dat Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_471491471_786432_94525 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_471491471_786432_94530 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE1065.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBECAC.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{A045EFF7-7E82-4441-A6B1-473781436443}.TmpSBE Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{D85DE0DF-EFE9-4B93-9384-8A410C76C687}.TmpSBE Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{2381A9FC-8216-4B8C-B5B5-BCBA037BA967}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.3.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.4.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\MediaManagerServiceEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Derek.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\fwtsqmfile00.sqm Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:39 PM, on 9/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2std.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10002 bytes



Regards
Derek

Thanks for returning your information, you said:

but was unable to remove the .avi file cause I could not locate it in the directory indicated
http://www.google.com/search?hl=en&q=Trojan-Downloader.WMA.GetCodec.b&btnG=Google+Search
Use search companion to locate the file, you can see how careful we must be, if they will infect Andrea Bocelli music, they will infect anything!

I am puzzled a bit, you scan here:
KASPERSKY ONLINE SCANNER REPORT Monday, June 09, 2008 7:41:38 PM

is showing you are much, much more infected than you were on 5/30/2008. But the HJT log is showing none of this. It is not unusual for Vundo to be hidden from HJT but I can not believe how much more you are showing. If you are not doing so, please keep this computer offline except when troubleshooting.

Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the combofix log and a new HJT log.

Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

Phil,

I have downloaded run ComboFix and re-run HJT as requested. Scans are below. Will keep computer offline except for accessing this forum.

Thanks again,
Derek

*********************************************************

ComboFix 08-06-09.7 - Admin 2008-06-10 23:17:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1032 [GMT 10:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\tmpvc14
C:\Windows\system32\dFrnx05
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 08:07 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-06-09 01:53 13,025 ----a-w C:\Users\Admin\AppData\Roaming\nvModes.dat
2008-06-08 02:42 13,025 ----a-w C:\Users\Derek\AppData\Roaming\nvModes.dat
2008-06-08 02:10 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c006BCB6.dat
2008-06-06 10:16 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c0051DC.dat
2008-05-31 22:57 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00AA3E4.dat
2008-05-30 22:37 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00EDA4.dat
2008-05-30 22:29 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-30 22:29 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-30 22:29 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-30 22:29 --------- d-----w C:\Program Files\Symantec
2008-05-30 22:26 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c0086508.dat
2008-05-29 21:33 262,144 ----a-w C:\ntuser.dat
2008-05-29 13:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-28 14:22 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00B599E.dat
2008-05-28 14:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-28 13:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-26 21:56 152,515,498 ----a-w C:\SYM_REGISTRY_BACKUP.reg
2008-05-26 13:36 23,040 ----a-w C:\chktrust.exe
2008-05-26 13:30 173,456 ----a-w C:\FixVundo.exe
2008-05-25 07:16 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00A51E1.dat
2008-05-25 00:58 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00AE89E.dat
2008-05-23 23:25 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00640A4.dat
2008-05-22 09:17 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00A0BC8.dat
2008-05-22 09:15 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c0076629.dat
2008-05-22 09:14 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c0095264.dat
2008-05-22 09:14 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c0066378.dat
2008-05-22 09:13 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00AC867.dat
2008-05-22 09:12 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c00F7E6A.dat
2008-05-20 12:39 --------- d-----w C:\ProgramData\Symantec
2008-05-20 10:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 10:24 51,200 ----a-w C:\Users\Derek\AppData\Roaming\__c001583E.dat
2008-05-18 02:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-18 00:07 --------- d-----w C:\Program Files\iTunes
2008-05-18 00:06 --------- d-----w C:\Program Files\iPod
2008-05-18 00:04 --------- d-----w C:\Program Files\QuickTime
2008-05-17 23:51 --------- d-----w C:\Program Files\Apple Software Update
2008-05-15 12:41 --------- d-----w C:\Program Files\Sun
2008-05-15 12:41 --------- d-----w C:\Program Files\Java
2008-05-14 17:05 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 12:46 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-14 12:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-12 13:30 --------- d-----w C:\Users\Derek\AppData\Roaming\LimeWire
2008-05-12 13:29 --------- d-----w C:\Program Files\LimeWire
2007-11-20 12:04 13,119 ----a-w C:\Users\Russell\AppData\Roaming\nvModes.dat
2007-09-04 10:34 174 --sha-w C:\Program Files\desktop.ini
2008-01-15 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-15 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-15 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-08-05 10:48 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-05 10:48 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-05 10:48 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 17:37 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-03 12:53 171448]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 22:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 15:36 4186112 C:\Windows\RtHDVCpl.exe]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-08-09 18:18 675840]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-03 01:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 15:27 815104]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 09:17 22696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 16:46 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 16:46 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 16:46 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2006-10-31 20:31 112320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 19:45 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 21:44:06 29696]
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-05-06 07:18:12 991600]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CBBDAF79-D595-484B-81FE-C37F381A0852}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7E2893E6-5749-4660-A9B3-AD1C23E8347C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{50BDCC10-4EBE-4A09-BF8F-0FA3EF9BE45F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{705033CF-A55B-4FAA-BF13-CA8622CA5142}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C66C960A-1F10-447E-8CD8-10F3DFC32CB7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{009CACF2-0179-4A8D-890A-8ED2E661790A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C671560A-3856-40D1-8C3D-A20659F35AE8}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{309B299E-0966-4232-94BD-3F37598537A3}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B64BB790-12DE-4138-95A3-AC3A2C78C0F9}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{5355C948-B20D-4922-B6EA-43E7E90505FE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1E7E502B-ADD7-4953-8AA7-B17F6EA7C09B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080606.003\IDSvix86.sys [2008-03-21 06:37]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);C:\Windows\system32\drivers\averhbtv.sys [2006-12-04 17:22]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-09-04 19:36]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 22:39]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 08:37]
S2 MediaManagerService;MediaManagerService;"C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe" [2007-05-26 08:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 09:21:23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Derek.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 23:19:54
Windows 6.0.6000 NTFS

scanning hidden processes ...

? [60888]
? [61220]
? [56636]
? [61280]
? [61524]
? [62872]
? [61920]
? [56604]
? [61668]
? [60852]
? [62152]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-10 23:20:53
ComboFix-quarantined-files.txt 2008-06-10 13:20:45

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

175 --- E O F --- 2008-06-06 10:20:32



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:15 PM, on 10/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9252 bytes

Ok and Thanks for returning your information...these situations make me want to leave Vista alone. Since combofix is not finding the junk, we will need to try another method, let's try this:

1) You are running System Configuration Utility MSConfig) in Selective Startup mode. Return it to Normal mode until we finish.
I have no idea what I may not be seeing!!

1) Windows Vista
Click Start.
Open Computer.
Press the ALT key.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Right click Start > Explore and navigate to these files/folders and delete them if there.
(may be different on Vista)

C:\Users\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\ <<< delete the contents of that folder

C:\Users\Derek\AppData\Local\Temp\ <<< delete the contents of that folder

C:\Users\Derek\AppData\Roaming\ <<< delete the contents of that folder

Notes for Windows Vista users from the tool creator:
On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"
Prefetch has been disabled on Windows Vista. As I'm not sure the effects that emptying prefetch on Windows Vista will have for the time being it I won't enable that function.

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

6) Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

*Let me know how the computer is running.

Thanks

Hi I'm back,

I have performed all items as requested. The Malwarebytes scan did crash my computer several times but I was eventually able to run it through to completion with no infections reported. Computer seems to be running normally but have kept it off the internet during this malware removal process. Scans as requested attached below.

Malwarebytes' Anti-Malware 1.16
Database version: 845

8:03:49 PM 11/06/2008
mbam-log-6-11-2008 (20-03-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 153249
Time elapsed: 39 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:10 PM, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2std.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MediaManagerService - Unknown owner - C:\Program Files\Media Manager\Viiv\MediaManager.Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9096 bytes

Thanks and Regards
Derek

Thanks for the feedback Derek, you are the second person in a row who mentioned issues with MBAM? You are running tool as admin and installing it to the Desktop as instructed?

This HJT log appears to be clean of malware. Keep in mind you are back in Selective Startup in MSConfig so if you have any malware unchecked I would not see that.

Let's run a last Kaspersky Online Scan (KOS) using these setting to make sure nothing hides from us.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here. <<< there is no need to post a clean scan result.

I'll post this information for you now so you can benefit from it, keep in mind all information may not apply to Vista.

http://windowshelp.microsoft.com/windows/en-us/Help/596FB57F-CC9D-4AC5-A813-5C0830E9156A1033.mspx

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Hi,

re - "You are running MBAM tool as admin and installing it to the Desktop as instructed?" The answer is yes.

Good news - I ran the latest version of Kaspersky scan and it came up clean.

Thank you for your expert advice and persistent assistance in restoring my computer to its uninfected state. Please advise what are my options for contributing/donating back to the excellent work you and your colleagues do on this forum to help persons like myself.

Regards
Derek

Thanks for the feedback:bigthumb: We volunteer our services but I am sure it has to be expensive to maintain a forum like this and any donation will be appreciated. The donation link was near the end of my last post.