zlob.dnschanger vista

1

1needhelp

New member
internet explorer keeps getting redirected to other web sites.i ran spybot it found zlob.dnschanger and said it deleted it. i have re checked it a couple of times and it dosent come up any more.my problem is internet explorer still redirects my searches and firefox gets redirected back to google. please can some one help.here is the log files for hjt and kaspersky online scan
 
Hi 1needhelp

Please next copy and paste HijackThis log and kaspersky report into your replies, please :)
 
here is my hjt logLogfile and my kaspersky scan Trend Micro HijackThis v2.0.2
Scan saved at 2:04:41 AM, on 29/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Val\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dmvkv.exe] C:\Windows\system32\dmvkv.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dmckf.tmp] C:\Windows\system32\dmckf.tmp
O4 - HKCU\..\Run: [dmwky.tmp] C:\Windows\system32\dmwky.tmp
O4 - HKCU\..\Run: [dmaof.tmp] C:\Windows\system32\dmaof.tmp
O4 - HKCU\..\Run: [dmezg.tmp] C:\Windows\system32\dmezg.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {28E31667-4E33-42CE-9094-2083C6E3987D} (Voicenow Deskshare Web Addin Control) - http://www.voicenow.com/download/VoicenowDeskshare.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1B5E6F-9A57-4276-B4C4-8CC10FEE84DB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CF6F285-8254-44B5-BBCD-7C39E3653AEB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92472D25-07A7-4690-96FB-F41248FA6C82}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1B88C4-4E0B-4E6B-B04A-67DB87BB19F1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F07B5992-D0FE-4777-8578-E13E4764C1BB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11446 bytes
kaspersky log to follow
 
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 29, 2008 2:02:38 AM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/03/2008
Kaspersky Anti-Virus database records: 670608
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 166217
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:36:53

Infected Object Name / Virus Name / Last Action
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcdaa4eac609de99860fbeab35e1f939_5d2d7025-170d-40ce-813f-59fca1c97d17 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_5d2d7025-170d-40ce-813f-59fca1c97d17 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb8b02488de08e20ccd7c6ad6bbda098_5d2d7025-170d-40ce-813f-59fca1c97d17 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\IUSR_NMPR.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\kids.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032420080325\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032820080329\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat{bd1375d6-1506-11dc-9db0-001a9299c46e}.TM.blf Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat{bd1375d6-1506-11dc-9db0-001a9299c46e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat{bd1375d6-1506-11dc-9db0-001a9299c46e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows Defender\FileTracker\{0C17BE7C-9FE5-40F6-A37C-77E25C890221} Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Val\AppData\Local\Temp\~DF360E.tmp Object is locked skipped
C:\Users\Val\AppData\Local\Temp\~DF8AAB.tmp Object is locked skipped
C:\Users\Val\AppData\Local\Temp\~DF8AB5.tmp Object is locked skipped
C:\Users\Val\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Val\ntuser.dat Object is locked skipped
C:\Users\Val\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Val\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Val\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Val\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Val\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\IntelDH.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\fwtsqmfile00.sqm Object is locked skipped
C:\Windows\Temp\fwtsqmfile01.sqm Object is locked skipped
C:\Windows\Temp\fwtsqmfile02.sqm Object is locked skipped
C:\Windows\Temp\nmsmc_DQLWinService.log Object is locked skipped
C:\Windows\Temp\VistaSP1_InstallPerf_142855.sqm Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped

Scan process completed.
 
Hi

Download F-Secure Blacklight and save it to your desktop -> ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

Doubleclick fsbl.exe, accept the agreement, click Scan, then click Next

You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log to here (xxxx= random numbers,blacklight log from your desktop)

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.

Post:

- blacklight report
- main.txt
- extra.txt
 
04/06/08 16:53:44 [Info]: BlackLight Engine 1.0.70 initialized
04/06/08 16:53:44 [Info]: OS: 6.0 build 6001 (Service Pack 1)
04/06/08 16:53:45 [Note]: 7019 4
04/06/08 16:53:45 [Note]: 7005 0
04/06/08 16:53:56 [Note]: 7006 0
04/06/08 16:53:56 [Note]: 7027 0
04/06/08 16:53:56 [Note]: 7035 0
04/06/08 16:53:56 [Note]: 7026 0
04/06/08 16:53:56 [Note]: 7026 0
04/06/08 16:54:04 [Note]: FSRAW library version 1.7.1024
04/06/08 16:58:56 [Note]: 4015 10186
04/06/08 16:58:56 [Note]: 4027 10186 65536
04/06/08 16:58:56 [Note]: 4020 10185 65536
04/06/08 16:58:56 [Note]: 4018 10185 65536
04/06/08 17:03:48 [Note]: 2000 1012
04/06/08 17:03:48 [Note]: 2000 1012
04/06/08 17:10:06 [Note]: 7007 0
decker scan main text next post
 
Deckard's System Scanner v20071014.68
Run by Val on 2008-04-06 18:11:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Val.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:57 PM, on 06/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Val\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Val.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {28E31667-4E33-42CE-9094-2083C6E3987D} (Voicenow Deskshare Web Addin Control) - http://www.voicenow.com/download/VoicenowDeskshare.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1B5E6F-9A57-4276-B4C4-8CC10FEE84DB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CF6F285-8254-44B5-BBCD-7C39E3653AEB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92472D25-07A7-4690-96FB-F41248FA6C82}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1B88C4-4E0B-4E6B-B04A-67DB87BB19F1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F07B5992-D0FE-4777-8578-E13E4764C1BB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11444 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 18:11:49 0 d-------- C:\Program Files\Trend Micro
2008-04-04 00:30:20 0 d-------- C:\Windows\LastGood
2008-03-29 17:24:09 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-29 17:23:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 22:47:32 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-03-23 23:41:42 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-03-22 23:05:59 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-22 22:11:33 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-22 21:48:12 0 d-------- C:\Program Files\Lavasoft
2008-03-22 21:48:11 0 d-------- C:\Users\All Users\Lavasoft
2008-03-22 21:47:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-04-04 00:29:52 0 d-------- C:\Program Files\Realtek
2008-04-01 20:10:45 4 --a------ C:\Windows\system32\66A5E9
2008-03-30 23:17:41 12 --a------ C:\Windows\bthservsdp.dat
2008-03-29 17:23:36 0 d-------- C:\Users\Val\AppData\Roaming\SUPERAntiSpyware.com
2008-03-24 22:54:14 0 d-------- C:\Users\Val\AppData\Roaming\Image Zone Express
2008-03-23 00:12:07 174 --ahs---- C:\Program Files\desktop.ini
2008-03-23 00:03:59 0 d-------- C:\Program Files\Windows Calendar
2008-03-23 00:03:58 0 d-------- C:\Program Files\Windows Sidebar
2008-03-23 00:03:58 0 d-------- C:\Program Files\Movie Maker
2008-03-23 00:03:57 0 d-------- C:\Program Files\Windows Mail
2008-03-23 00:03:53 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-23 00:03:53 0 d-------- C:\Program Files\Windows Journal
2008-03-23 00:03:49 0 d-------- C:\Program Files\Windows Defender
2008-03-22 21:47:27 0 d-------- C:\Program Files\Common Files
2008-03-09 23:43:29 0 d-------- C:\Users\Val\AppData\Roaming\ZoomBrowser EX
2008-03-09 23:25:40 0 d-------- C:\Users\Val\AppData\Roaming\CameraWindowDC
2008-03-09 23:16:41 0 d-------- C:\Users\Val\AppData\Roaming\CANON INC
2008-03-09 23:15:02 0 d-------- C:\Program Files\Java
2008-03-07 00:57:41 0 d-------- C:\Program Files\Belkin Bulldog Plus
2008-03-04 16:09:24 0 d-------- C:\Users\Val\AppData\Roaming\Canon
2008-03-04 16:00:07 0 d-------- C:\Program Files\Canon
2008-03-04 15:56:23 0 d-------- C:\Program Files\Common Files\Canon
2008-03-01 11:50:24 0 d-------- C:\Users\Val\AppData\Roaming\PCF-VLC
2008-02-29 13:59:58 0 d-------- C:\Program Files\Print Workshop 2008
2008-02-26 18:37:15 0 d-------- C:\Users\Val\AppData\Roaming\Nexon
2008-02-26 18:36:06 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-02-24 17:13:41 0 d-------- C:\Program Files\Rhapsody
2008-02-07 23:19:22 0 d-------- C:\Users\Val\AppData\Roaming\Roxio


-
 
Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 02:38 AM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [28/09/2006 08:42 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [08/12/2006 10:16 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [20/11/2006 06:34 AM]
"RtHDVCpl"="RtHDVCpl.exe" [15/01/2008 11:26 AM C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [10/12/2006 09:52 PM]
"@"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [22/12/2006 07:29 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [19/04/2007 06:11 PM]
"UPS-Status"="C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe" [15/11/2006 12:22 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [15/11/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 02:11 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [02/11/2006 07:35 AM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [21/12/2007 09:21 AM]
"NWEReboot"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [28/08/2007 01:59 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [28/08/2007 01:59 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [28/08/2007 01:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 02:33 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 02:33 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16/02/2005 08:15 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 02:33 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [6/7/2006 5:05:38 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [1/2/2007 9:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaof.tmp]
C:\Windows\system32\dmaof.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmckf.tmp]
C:\Windows\system32\dmckf.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmezg.tmp]
C:\Windows\system32\dmezg.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgba.tmp]
C:\Windows\system32\dmgba.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmvkv.exe]
C:\Windows\system32\dmvkv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmwky.tmp]
C:\Windows\system32\dmwky.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1529cf63-d14a-11db-8370-806e6f6e6963}]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7ae6f3-c452-11dc-aaac-001a9299c46e}]
AutoRun\command- K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b50c66a4-150b-11dc-bfb7-001a9299c46e}]
AutoRun\command- K:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-06 18:12:52 ------------

i dont have the extra txt. it is no where to be found not minamized and not in the decker folder. dont no where else to look.
 
I found the extra txt. from a decker scan i did while i waited for help in this forum i hope this helpful
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2045.76 MiB / 1422.51 MiB
Pagefile Memory (total/avail): 4336.5 MiB / 3380.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1895.9 MiB

C: is Fixed (NTFS) - 290.3 GiB total, 230.68 GiB free.
D: is Fixed (NTFS) - 7.79 GiB total, 0.88 GiB free.
E: is Fixed (NTFS) - 298.09 GiB total, 294.74 GiB free.
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320820AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 290.3 GiB - C:
\PARTITION1 - Installable File System - 7.79 GiB - D:

\\.\PHYSICALDRIVE1 - ST3320820AS - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - E:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Val\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OFFICE
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Val
LOCALAPPDATA=C:\Users\Val\AppData\Local
LOGONSERVER=\\OFFICE
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Val\AppData\Local\Temp
TMP=C:\Users\Val\AppData\Local\Temp
USERDOMAIN=office
USERNAME=Val
USERPROFILE=C:\Users\Val
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

IUSR_NMPR (new local, net ready)
Val


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Airstrike 2 - Gulf Thunder\Uninstall.exe"
--> "C:\Program Files\HP Games\Alpha Ball\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
--> "C:\Program Files\HP Games\Hyperballoid the Complete Edition\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
--> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Strike Ball 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
--> "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\VoicenowDeskshare.inf,DefaultUninstall,5
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Belkin Bulldog Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}\Setup.exe" -l0x9
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities CameraWindow DC --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities MyCamera --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities MyCamera DC --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility --> "C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EasyGPS --> "C:\Program Files\EasyGPS\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
FlashTalk --> "C:\Program Files\FlashTalk\uninstall.exe"
Garmin Communicator Plugin --> MsiExec.exe /X{620E4DBC-0B81-40DD-9F10-C159ECEAB360}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2 --> "C:\Users\Val\Desktop\HiJackThis\HijackThis.exe" /uninstall
HP Connections (remove only) --> C:\Windows\HPCPCUninstall-6811507\HPBWSetup.exe -appid 6811507 -uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP On-Screen Caps/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A --> C:\Program Files\Hewlett-Packard\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Solution Center 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor --> MsiExec.exe /X{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel(R) Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® Viiv™ Software --> MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Joost (tm) Beta 1.0.8 --> C:\Program Files\Joost\uninst.exe
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
MannaTalk+ --> MsiExec.exe /I{F485A031-EC1E-46A1-8953-C57C31F40F0B}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Miro --> C:\Program Files\Participatory Culture Foundation\Miro\uninstall.exe
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77CA976C-403C-47E2-940B-733ECAB6F62B}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Print Workshop 2008 --> MsiExec.exe /I{20F6E330-B570-486A-A954-F018EC815705}
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}


-- Application Event Log -------------------------------------------------------

Event Record #/Type14753 / Warning
Event Submitted/Written: 03/30/2008 00:22:21 AM
Event ID/Source: 1038 / UPS Event
Event Description:
UPS disconnect! Cannot retrieve information from the UPS.

Event Record #/Type14739 / Error
Event Submitted/Written: 03/29/2008 07:10:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application BTTray.exe, version 5.1.0.1700, time stamp 0x448769d1, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception code 0xe06d7363, fault offset 0x000442eb,
process id 0x964, application start time 0xBTTray.exe0.

Event Record #/Type14737 / Success
Event Submitted/Written: 03/29/2008 07:10:04 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type14735 / Success
Event Submitted/Written: 03/29/2008 07:10:00 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type14729 / Success
Event Submitted/Written: 03/29/2008 07:09:59 PM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type175600 / Warning
Event Submitted/Written: 03/30/2008 00:22:14 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A9299C46E. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type175587 / Warning
Event Submitted/Written: 03/29/2008 08:30:57 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type175524 / Error
Event Submitted/Written: 03/29/2008 07:11:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
npkcrypt%%3

Event Record #/Type175511 / Error
Event Submitted/Written: 03/29/2008 07:11:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type175474 / Warning
Event Submitted/Written: 03/29/2008 07:10:22 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%office27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %office27 can't undo changes that you allow.

For more information please see the following:
%office275

Scan ID: {738C3011-F5A9-42AB-A907-E00C1BB699A5}

User: office\Val

Name: %office271

ID: %office272

Severity ID: %office273

Category ID: %office274

Path Found: %office276

Alert Type: %office278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-03-30 01:17:31 ------------
 
Hi

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.

Go to Start > Run
Type regedit and click OK.

  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put backup
  • Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
  • Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Code: 
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmaof.tmp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmckf.tmp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmezg.tmp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmgba.tmp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmvkv.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmwky.tmp]

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this ->
reg.gif


Go to Desktop, double-click fix.reg and merge the infomation with the registry.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O13 - Gopher Prefix:
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1B5E6F-9A57-4276-B4C4-8CC10FEE84DB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CF6F285-8254-44B5-BBCD-7C39E3653AEB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92472D25-07A7-4690-96FB-F41248FA6C82}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF1B88C4-4E0B-4E6B-B04A-67DB87BB19F1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F07B5992-D0FE-4777-8578-E13E4764C1BB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{28A9BC3C-18BC-40FD-8D6E-39A61E6EFEB6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Close all windows including browser and press fix checked.

Reboot.

Delete all files like these:

C:\Windows\system32\dm???.tmp, where ? means any letter

Empty Recycle Bin.

Post back a fresh HijackThis log.
 
you say in your post 2000 or xp only my computer is running vista home premium. schould i still do what your asking.Sorry about the question im a little new at this.
 
here is my new hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:36 AM, on 09/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {28E31667-4E33-42CE-9094-2083C6E3987D} (Voicenow Deskshare Web Addin Control) - http://www.voicenow.com/download/VoicenowDeskshare.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9789 bytes
 
Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)
    Kas-SaveReport-1.gif
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)
    Kas-Savetxt.gif
  • Now click on the Save as Text button
  • Savethe file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only! Keep ALL other programs closed during the scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
every thing you asked me to do with the registry worked fine. the computer restarted and everything was fine. when i wanted to shut the computer down for the night windows vista had updates it installed before the computer shutdown. when i restarted the computer the next day it would always go to safe mode only. went to msconfig and set to normal boot and still goes to safe mode.tried to do a restore and the restore program did not load, then tried to uninstall the updates but only got 2 of the 4 updates uninstalled. the computer still only goes to safe mode what is there that i can do to get it back. thanks for all your help so far.
 
I managed to do a system restore back before the updates. So the updates are now gone. The computer starts up in selective mode now, but it will not start up in normal boot configuration. I will post a Kaspersky Scan shortly.
 
here is the hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:19 AM, on 11/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {28E31667-4E33-42CE-9094-2083C6E3987D} (Voicenow Deskshare Web Addin Control) - http://www.voicenow.com/download/VoicenowDeskshare.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9963 bytes


kaspersky log next
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 4:38:37 AM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/04/2008
Kaspersky Anti-Virus database records: 696209
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 161961
Number of viruses found: 1
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:18:59

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcdaa4eac609de99860fbeab35e1f939_5d2d7025-170d-40ce-813f-59fca1c97d17 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_5d2d7025-170d-40ce-813f-59fca1c97d17 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb8b02488de08e20ccd7c6ad6bbda098_5d2d7025-170d-40ce-813f-59fca1c97d17 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\IUSR_NMPR.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\kids.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS0001.tmp Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat{bd1375d6-1506-11dc-9db0-001a9299c46e}.TM.blf Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat{bd1375d6-1506-11dc-9db0-001a9299c46e}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows\UsrClass.dat{bd1375d6-1506-11dc-9db0-001a9299c46e}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows Defender\FileTracker\{7E2A30C9-BD08-457B-8E86-CC37492D95AF} Object is locked skipped
C:\Users\Val\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Val\AppData\Local\Temp\~DF162C.tmp Object is locked skipped
C:\Users\Val\AppData\Local\Temp\~DF7C7F.tmp Object is locked skipped
C:\Users\Val\AppData\Local\Temp\~DF9107.tmp Object is locked skipped
C:\Users\Val\AppData\Local\Temp\~DF910C.tmp Object is locked skipped
C:\Users\Val\AppData\Local\VirtualStore\Windows\System32\dmaof.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Users\Val\AppData\Local\VirtualStore\Windows\System32\dmckf.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Users\Val\AppData\Local\VirtualStore\Windows\System32\dmezg.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Users\Val\AppData\Local\VirtualStore\Windows\System32\dmgba.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Users\Val\AppData\Local\VirtualStore\Windows\System32\dmwky.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Users\Val\AppData\Roaming\Microsoft\Outlook\outitems.log Object is locked skipped
C:\Users\Val\AppData\Roaming\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Users\Val\AppData\Roaming\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Users\Val\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Val\Desktop\archive\archive.pst Object is locked skipped
C:\Users\Val\ntuser.dat Object is locked skipped
C:\Users\Val\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Val\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Val\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Val\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Val\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{5EDAD08B-0527-4D19-9523-3DC5DDE9FC75}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\dmaof.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\dmckf.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\dmejy.exe Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\dmezg.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\dmgba.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\dmsqw.exe Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\dmvkv.exe Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\dmwky.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\IntelDH.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\fwtsqmfile00.sqm Object is locked skipped
C:\Windows\Temp\nmsmc_DQLWinService.log Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped

Scan process completed.
 
You must log in or register to reply here.
Back
Top