05-13-2008, 03:30 PM   #1
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Pop Ups Galore - Can't even operate IE

Hi guys, my computer seems to be infected with adware, as I cannot access the internet on my laptop; I just get pounded with popups, to the point that IE is completely unusable. Due to this I haven't been able to do the Panda online scan etc., as I'm currently just switching the required programs etc. from a separate computer. I would really appreciate some help with this, as it's frustrating as hell.

My HijackThis log (main):

Deckard's System Scanner v20071014.68
Run by chris on 2008-05-13 22:12:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-05-13 16:04:51 UTC - RP317 - Windows Update
8: 2008-05-13 12:37:24 UTC - RP316 - Removed Command & Conquer 3.
7: 2008-05-13 12:30:49 UTC - RP315 - Removed Java(TM) 6 Update 2
6: 2008-05-12 16:12:20 UTC - RP314 - Windows Defender Checkpoint
5: 2008-05-11 04:01:30 UTC - RP312 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-05-07 09:38:29 UTC - RP308 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:13, on 13/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\chris\Desktop\dss.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
c:\windows\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtTlIxW.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\chris\AppData\Local\Temp\ljJCuuSI.dll,#1
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\chris\AppData\Local\Temp\irvmqpqr.dll",b
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\chris\AppData\Local\Temp\wiornwvb.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11779 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\Windows\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-12 20:00:05 546 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - chris.job
2008-05-05 20:55:47 320 --a------ C:\Windows\Tasks\Norton SystemWorks One Button Checkup.job


-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-13 22:18:27 0 d-------- C:\Program Files\Trend Micro
2008-05-13 22:01:03 0 d-------- C:\Program Files\SpywareBlaster
2008-05-13 20:32:35 0 d-a------ C:\Users\All Users\TEMP
2008-05-13 15:57:32 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-11 23:20:59 57856 --a------ C:\Windows\system32\awtTlIxW.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-13 22:11:25 13025 --a------ C:\Users\chris\AppData\Roaming\nvModes.dat
2008-05-13 22:11:25 13025 --a------ C:\Users\chris\AppData\Roaming\nvModes.001
2008-05-13 21:30:18 12 --a------ C:\Windows\bthservsdp.dat
2008-05-13 14:29:07 0 d-------- C:\Program Files\DivX
2008-05-11 23:39:18 0 d-------- C:\Users\chris\AppData\Roaming\uTorrent
2008-05-05 20:55:42 0 d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-04-29 13:58:21 0 d-------- C:\Users\chris\AppData\Roaming\LimeWire
2008-04-29 09:58:51 0 d-------- C:\Program Files\Java
2008-04-23 22:10:04 0 d-------- C:\Users\chris\AppData\Roaming\dvdcss
2008-04-10 08:41:17 0 d-------- C:\Program Files\Windows Mail
2008-04-05 15:03:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 00:34:30 0 d-------- C:\Program Files\LimeWire
2008-03-20 23:41:17 0 d-------- C:\Program Files\Freewire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
25/08/2007 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
31/01/2008 13:39 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 04:51 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/10/2007 14:40]
"RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 19:57 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 20:00]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/02/2007 02:01]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/02/2007 02:01]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/02/2007 02:01]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [07/02/2007 00:04]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [21/12/2006 01:02]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 21:48]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [17/01/2007 17:01]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 21:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14:15]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/04/2007 13:23]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [23/08/2007 21:35]
"MSServer"="C:\Windows\system32\awtTlIxW.dll" [11/05/2008 23:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 13:08]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [30/01/2008 14:11]
"@"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 15:30]
"cmds"="C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c" []
"MSServer"="C:\Users\chris\AppData\Local\Temp\ljJCuuSI.dll,#1" []
"2aa81b5c"="C:\Users\chris\AppData\Local\Temp\irvmqpqr.dll,b" []
"BM299b28c0"="C:\Users\chris\AppData\Local\Temp\wiornwvb.dll,s" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [23/03/2007 20:17:25]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 21:26:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E243A8E7-6244-49E0-A361-22DBF30FD46C}"= C:\Windows\system32\awtTlIxW.dll [11/05/2008 23:20 57856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
hpdevmgmt hpqcxs08 hpqddsvc
bthsvcs BthServ
bthaudiosvc HFGService


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92549449-7758-11dc-a724-806e6f6e6963}]
AutoRun\command- E:\LaunchBF.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-13 22:22:39 ------------

HijackThis log (extra):

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1790.06 MiB / 935.61 MiB
Pagefile Memory (total/avail): 3800.46 MiB / 2471.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.02 MiB

C: is Fixed (NTFS) - 69.64 GiB total, 36.86 GiB free.
D: is Fixed (NTFS) - 69.64 GiB total, 38.04 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9S SCSI Disk Device - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 9.77 GiB
\PARTITION1 (bootable) - Installable File System - 69.64 GiB - C:
\PARTITION2 - Installable File System - 69.64 GiB - D:

\\.\PHYSICALDRIVE1 - Ut163 USB2FlashStorage USB Device - 3.84 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 3.84 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\chris\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\chris
LOCALAPPDATA=C:\Users\chris\AppData\Local
LOGONSERVER=\\CHRIS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\chris\AppData\Local\Temp
TMP=C:\Users\chris\AppData\Local\Temp
USERDOMAIN=chris-PC
USERNAME=chris
USERPROFILE=C:\Users\chris
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

chris
Mcx1


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Abacast Client --> C:\Users\chris\AppData\Local\Abacast\uninst.exe
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer OrbiCam --> Rundll32.exe BisonR07.dll,WinMainRmv
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
ContextTool --> C:\Program Files\ContextTool\uninstall.exe
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Freewire Television --> MsiExec.exe /I{4BDEFAF5-EB62-44D3-AC55-F5EAAFC219A7}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrZUn32z.inf
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Driver Software 9.0 --> C:\Program Files\HP\Digital Imaging\{F5936267-D467-4e7b-8940-A7D9F0398EF3}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007 --> MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Cleanup --> MsiExec.exe /I{CA31120D-2101-484D-9FF1-195DE96FE346}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks --> MsiExec.exe /I{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}
Norton SystemWorks (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{707D28BF-E145-4a9b-B97E-94FA586D05F3}\{707D28BF-E145-4a9b-B97E-94FA586D05F3}.exe" /X
Norton SystemWorks Basic Edition --> MsiExec.exe /I{707D28BF-E145-4a9b-B97E-94FA586D05F3}
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type31251 / Error
Event Submitted/Written: 05/13/2008 10:12:06 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Event Record #/Type31248 / Warning
Event Submitted/Written: 05/13/2008 10:11:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}', feature 'SolutionCenter' failed during request for component '{5FD5BEDB-A426-4F68-BA15-037E44388CE8}'

Event Record #/Type31247 / Warning
Event Submitted/Written: 05/13/2008 10:11:33 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}', feature 'SolutionCenter', component '{C8AA5B6D-C6A6-487D-B2AD-B6C2DC258E47}' failed. The resource 'C:\Windows\system32\Macromed\Flash\Flash9b.ocx' does not exist.

Event Record #/Type31238 / Success
Event Submitted/Written: 05/13/2008 10:08:20 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type31234 / Success
Event Submitted/Written: 05/13/2008 10:08:18 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type111208 / Warning
Event Submitted/Written: 05/13/2008 10:11:28 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%chris-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %chris-PC27 can't undo changes that you allow.

For more information please see the following:
%chris-PC275

Scan ID: {0420775E-E9D3-4975-8879-13D41018052C}

User: chris-PC\chris

Name: %chris-PC271

ID: %chris-PC272

Severity ID: %chris-PC273

Category ID: %chris-PC274

Path Found: %chris-PC276

Alert Type: %chris-PC278

Detection Type: 1.1.1505.02

Event Record #/Type111204 / Warning
Event Submitted/Written: 05/13/2008 10:11:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%chris-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %chris-PC27 can't undo changes that you allow.

For more information please see the following:
%chris-PC275

Scan ID: {752A3BB0-30BD-4D2E-88B0-FE0CA95B29A5}

User: chris-PC\chris

Name: %chris-PC271

ID: %chris-PC272

Severity ID: %chris-PC273

Category ID: %chris-PC274

Path Found: %chris-PC276

Alert Type: %chris-PC278

Detection Type: 1.1.1505.02

Event Record #/Type111200 / Error
Event Submitted/Written: 05/13/2008 10:10:55 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
30000Automatic LiveUpdate Scheduler

Event Record #/Type111144 / Error
Event Submitted/Written: 05/13/2008 10:08:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type111101 / Error
Event Submitted/Written: 05/13/2008 10:07:30 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 22:05:28 on 13/05/2008 was unexpected.



-- End of Deckard's System Scanner: finished at 2008-05-13 22:22:39 ------------

Thanks in advance for your help guys, I really appreciate it
chrispeters is offline  

Old 05-16-2008, 01:19 PM   #2 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

72 hour bump :D
chrispeters is offline  
Old 05-16-2008, 01:44 PM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------


  • Please download OTMoveIt2 by OldTimer.
    Save it to your desktop. We'll use this later.

  • Windows Defender

    Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
    • Open Windows Defender.
    • Click on Tools>Options.
    • Scroll down and uncheck "Use real-time protection (recommended)".
    • After you uncheck this, click on the Save button and close Windows Defender.

  • Open HijackThis by right clicking on it, and selecting Run As Administrator.


    Click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtTlIxW.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\chris\AppData\Local\Temp\ljJCuuSI.dll,#1
    O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\chris\AppData\Local\Temp\irvmqpqr.dll",b
    O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\chris\AppData\Local\Temp\wiornwvb.dll",s


    Close HijackThis now.

    ---------------------------------------------------------------------------------------------

  • Please right click on OTMoveit2.exe and select "Run as an Administrator" to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Quote:
    C:\Windows\system32\awtTlIxW.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E243A8E7-6244-49E0-A361-22DBF30FD46C}


  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

---------------------------------------------------------------------------------------------

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------

Open HijackThis (by right clicking on it and selecting Run as Administrator) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
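A triage sketch for the O4 entries listed in the post above, added here as an example and not part of the original post or of HijackThis: it parses O4 Run lines and flags rundll32 autoruns whose DLL sits in a Temp directory or is invoked by ordinal or by a single-character export. The two heuristics and the names `parse_o4`, `rundll_target`, `triage_o4` and `Finding` are assumptions for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# O4 line layout as it appears in the logs:
#   O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# rundll32 command: rundll32[.exe] <dll path, optionally quoted>,<export or #ordinal>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?))\s*,\s*(?P<export>\S+)\s*$',
    re.IGNORECASE,
)

# Sample input: five entries the helper asked to fix, then three entries
# from the later log that were left alone.
SAMPLE = r"""
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtTlIxW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\chris\AppData\Local\Temp\ljJCuuSI.dll,#1
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\chris\AppData\Local\Temp\irvmqpqr.dll",b
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\chris\AppData\Local\Temp\wiornwvb.dll",s
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"""


class Entry(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


class Finding(NamedTuple):
    hive: str
    name: str
    dll: str
    export: str
    reasons: List[str]


def parse_o4(line: str) -> Optional[Entry]:
    """Return the parsed O4 entry, or None for any other kind of log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["hive"], m["key"], m["name"], m["cmd"])


def rundll_target(command: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) when the command is a rundll32 invocation."""
    m = RUNDLL_RE.match(command.strip())
    if not m:
        return None
    return (m["quoted"] or m["bare"]), m["export"]


def triage_o4(lines: Iterable[str]) -> List[Finding]:
    """Flag rundll32 autoruns worth a closer look (heuristic, not a verdict)."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        target = rundll_target(entry.command) if entry else None
        if not target:
            continue
        dll, export = target
        reasons = []
        if "\\temp\\" in dll.lower():
            reasons.append("DLL in Temp directory")
        if re.fullmatch(r"#\d+", export):
            reasons.append("export called by ordinal")
        elif len(export) == 1:
            reasons.append("single-character export")
        if reasons:
            findings.append(Finding(entry.hive, entry.name, dll, export, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE.splitlines()):
        print(f"{f.hive} [{f.name}] {f.dll} ({f.export}): {', '.join(f.reasons)}")
```

A flagged entry is a prompt to check the file (signature, age, location), not proof of infection; an unflagged entry is not proof of a clean one.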
Old 05-17-2008, 07:41 AM   #4 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

Thanks for helping me :D

The Move it results are:

DllUnregisterServer procedure not found in C:\Windows\system32\awtTlIxW.dll
C:\Windows\system32\awtTlIxW.dll NOT unregistered.
C:\Windows\system32\awtTlIxW.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E243A8E7-6244-49E0-A361-22DBF30FD46C} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E243A8E7-6244-49E0-A361-22DBF30FD46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E243A8E7-6244-49E0-A361-22DBF30FD46C}\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05172008_140621


The Malwarebytes log file is:

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Quick Scan
Objects scanned: 36472
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiSpywareMaster (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM299b28c0 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\chris\AppData\Local\Temp\iqwhlavt.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Mcx1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

The new hijack this log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:52, on 17/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\chris\AppData\Local\Temp\iqwhlavt.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11513 bytes

Thanks again for your help
Old 05-17-2008, 08:13 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

Please reboot your machine, and then run Deckard's System Scanner once again. Post its log, main.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 05-17-2008, 01:48 PM   #6 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

Deckard's System Scanner v20071014.68
Run by chris on 2008-05-17 20:44:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:26, on 17/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\chris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\chris\AppData\Local\Temp\iqwhlavt.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11591 bytes

-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2008-05-17 14:08:20 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-17 14:08:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-13 22:18:27 0 d-------- C:\Program Files\Trend Micro
2008-05-13 22:01:03 0 d-------- C:\Program Files\SpywareBlaster
2008-05-13 20:32:35 0 d-a------ C:\Users\All Users\TEMP
2008-05-13 15:57:32 0 d-------- C:\Users\All Users\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-05-17 20:43:02 13025 --a------ C:\Users\chris\AppData\Roaming\nvModes.dat
2008-05-17 20:43:02 13025 --a------ C:\Users\chris\AppData\Roaming\nvModes.001
2008-05-17 20:40:40 12 --a------ C:\Windows\bthservsdp.dat
2008-05-17 14:08:52 0 d-------- C:\Users\chris\AppData\Roaming\Malwarebytes
2008-05-15 18:53:05 0 d-------- C:\Users\chris\AppData\Roaming\LimeWire
2008-05-15 01:56:45 0 d-------- C:\Program Files\Windows Mail
2008-05-14 12:58:35 0 d-------- C:\Users\chris\AppData\Roaming\U3
2008-05-13 14:29:07 0 d-------- C:\Program Files\DivX
2008-05-11 23:39:18 0 d-------- C:\Users\chris\AppData\Roaming\uTorrent
2008-05-05 20:55:42 0 d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-04-29 09:58:51 0 d-------- C:\Program Files\Java
2008-04-23 22:10:04 0 d-------- C:\Users\chris\AppData\Roaming\dvdcss
2008-04-05 15:03:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 00:34:30 0 d-------- C:\Program Files\LimeWire
2008-03-20 23:41:17 0 d-------- C:\Program Files\Freewire


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
25/08/2007 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
31/01/2008 13:39 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 04:51 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/10/2007 14:40]
"RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 19:57 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 20:00]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/02/2007 02:01]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/02/2007 02:01]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/02/2007 02:01]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [07/02/2007 00:04]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [21/12/2006 01:02]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 21:48]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [17/01/2007 17:01]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 21:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14:15]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/04/2007 13:23]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [23/08/2007 21:35]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [05/05/2008 20:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 13:08]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [30/01/2008 14:11]
"@"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 15:30]
"cmds"="C:\Users\chris\AppData\Local\Temp\nnnnnNDw.dll,c" []
"BM299b28c0"="C:\Users\chris\AppData\Local\Temp\iqwhlavt.dll,s" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [23/03/2007 20:17:25]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 21:26:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
hpdevmgmt hpqcxs08 hpqddsvc
bthsvcs BthServ
bthaudiosvc HFGService


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92549449-7758-11dc-a724-806e6f6e6963}]
AutoRun\command- E:\LaunchBF.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b03a59-2196-11dd-92c5-0016d35a5b63}]
AutoRun\command- H:\LaunchU3.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-17 20:44:48 ------------
Old 05-17-2008, 02:08 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disconnect from the internet....pull the plug!
  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  8. Re-establish an internet connection.
  9. Open HijackThis (right click > run as Administrator) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
Old 05-17-2008, 03:59 PM   #8 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

ComboFix log:

ComboFix 08-05-15.3 - chris 2008-05-17 22:52:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.903 [GMT 1:00]
Running from: C:\Users\chris\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 13:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 00:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-13 21:18 --------- d-----w C:\Program Files\Trend Micro
2008-05-13 21:01 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-13 14:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-13 13:29 --------- d-----w C:\Program Files\DivX
2008-05-05 19:55 --------- d-----w C:\Program Files\Norton SystemWorks Basic Edition
2008-05-05 19:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 19:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-04-29 08:58 --------- d-----w C:\Program Files\Java
2008-04-05 14:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-28 23:34 --------- d-----w C:\Program Files\LimeWire
2008-03-20 22:41 --------- d-----w C:\Program Files\Freewire
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2007-10-10 15:13 174 --sha-w C:\Program Files\desktop.ini
2008-01-01 12:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-01 12:15 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-01 12:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 13:39 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 13:08 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-10 14:40 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 19:57 3784704 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-06 02:01 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-06 02:01 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-06 02:01 81920]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-21 01:02 659456]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 17:01 151552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23 200704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-08-23 21:35 152952]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-05-05 20:46 1179256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2CF027AB-76CC-463E-B495-0874BEBABC2B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{56172CAF-25B8-4DCF-9534-5FA3F9143A24}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{330E0F2B-00B4-434F-A571-80CCB1086089}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{7CDB7313-E92D-4F4C-B634-55452FB4CDB1}C:\\users\\chris\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\chris\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{9BA24040-63B0-433E-B801-79EBF0D3D196}C:\\users\\chris\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\chris\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{C8A17BB0-84BA-46D7-B7B3-D8E77C9C16F7}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.8\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.8\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{CF120FD3-CC33-4165-BE50-D2EEF58DE9AE}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.8\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.8\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{375CA09C-2DED-40F0-868B-E9A1F17D3B2B}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= UDP:C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{00B2C6C3-96D8-4248-AA29-DB8B746FD877}C:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= TCP:C:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{8BF49E9D-4373-4419-84B8-492F187729E4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AFD7DD56-60F3-448A-A83C-1E4630022D4F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{28F0F072-7D60-4E9D-9206-32312171F390}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{0452A76E-424B-4D14-A4C6-B5A3F374EF78}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{792A201D-2D6B-44E7-AD8C-71848096C3D6}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{66E033F4-0856-4DEA-8D4A-16F4CE7284BC}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{CBD190B3-6C21-43D2-B75A-3B3F05E424E1}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{E5C915B4-9585-4DB9-9418-5A200ED6F768}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{EEA7A7DB-4DCD-4950-9BB2-A31D53BEE75F}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{925F7CB2-8388-4F83-8001-EF3398D6D55F}"= Disabled:UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{0EDFFD43-80C1-4C1E-84F8-44CFF0E0B8FA}"= Disabled:TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{B0754537-3900-43A9-BE46-45B1960A867C}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{03C9E428-4C87-4863-A15B-7E6702EE7C5C}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{64B048D4-BFD5-4995-AC4E-2A43B17B1322}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A634D869-2190-475C-A82A-C959F3B0F275}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5B3F306F-C196-40F8-9C97-31225EFC479E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A8ECD2E6-64CF-4C4A-B15B-2EA78EDA70CD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F278B2F2-D372-4188-A884-85F7AF4EFA64}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8296CC15-482D-4FFD-A416-398F17B13F24}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3459F687-7E34-40B4-9543-E8231D972FB8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080512.002\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-03-22 18:21]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 16:46]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 09:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 00:39]
R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2005-11-29 23:20]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 17:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 20:18]
S3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys [2007-08-14 01:45]
S3 bthav;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys [2007-08-14 01:45]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 19:34]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 09:55]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92549449-7758-11dc-a724-806e6f6e6963}]
\shell\AutoRun\command - E:\LaunchBF.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b03a59-2196-11dd-92c5-0016d35a5b63}]
\shell\AutoRun\command - H:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 19:00:05 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - chris.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2008-05-05 19:55:47 C:\Windows\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 22:53:45
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-17 22:54:48
ComboFix-quarantined-files.txt 2008-05-17 21:54:39

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

218 --- E O F --- 2008-05-17 00:57:37

deckard scanner log:

Old 05-17-2008, 04:55 PM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

Hello -

You've posted two logs from ComboFix.

What I need to see next is a new HijackThis log. Be sure to run it by right clicking, and run as Administrator. Next, click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 05-17-2008, 07:15 PM   #10 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

sorry i thought one of them was a Deckard one. sorry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:14:44, on 18/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11227 bytes
Old 05-17-2008, 07:18 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

Thanks.

Have the popups stopped?

Open HijackThis by right clicking on it, and selecting Run As Administrator.

Click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

Close HijackThis now.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis (by right clicking, and selecting Run As Administrator) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

How is the machine behaving?
Old 05-18-2008, 10:13 AM   #12 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

hi, thanks for the much needed help. i appreciate the help. um, the popups have stopped and my laptop is running almost 'good as new'

just wondering, after this finishes, is it best to keep all the anti-spyware programs on the computer?

anyway, here are the scan results.. thanks in advance.. you're a life saver :)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 18, 2008 5:07:03 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 782869
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 83384
Number of viruses found: 6
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 0124

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\efcYOiiJ.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\hgGwTNgH.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\iifcDwvt.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\irvmqpqr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rjn skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\qoMghEXo.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\ssqRkkJd.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00015724 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp0001a4a7 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00024d06 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00028e1b Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00036096 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp0003be9d Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\vtUlMcDs.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\wiornwvb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rjo skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\wvUoPgdc.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{48293F36-739C-4B7F-8756-625C96E69835}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{48D71263-B8D5-48F5-9D14-D9498041E844}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{49C160FB-CA1A-408D-A3E5-F2B7390D2632}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4A8794C4-66CE-4DA6-A445-B9CE024F38F6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4AA2C0C9-A9D9-42F4-88DD-CBA9BA0DFA27}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4AC1C6F6-8CB1-4CD8-A3E7-5078994533E7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4AC545A0-B0C2-48C0-84E7-E489182D7DC9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4B25F377-A05D-4008-ACEF-B8D7DA70C1AD}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4CAD4C8F-5643-44F1-B6EE-760E9AC87D95}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4D2D5A80-3B48-401C-879B-35BE13076947}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4D33B1FC-62F4-4FCC-B97D-623EA895F851}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4E34F925-F371-486B-8EAC-B32691D9B123}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4E5F4F6A-F803-42C8-AE9C-2CBFCC1F68A7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4F029EA3-561E-4629-B950-3993C41BB52C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4F4D7F9F-5418-4348-9820-2EDAC0E34234}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{4FEA6B32-949E-497E-BDA0-F6BC373E9C2B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5105C69F-6349-42E5-B756-018B20C8CF17}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{51B2E7FF-E04B-4C68-B7B7-ADBEFD048387}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{527183CD-14F1-41F1-BF51-A33C26C315EB}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{529A62FE-0C02-4139-847D-2C717F36580F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52A38796-58C4-4428-A4C0-97BCC8FF874D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52C49DCA-FA76-412D-B911-26002732FD17}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52EE3D8D-AD0F-4B0A-B1F1-FBA8E6D031ED}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52F30371-E07F-4579-9DA2-1BFECD46D80D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5352CF27-F126-4623-8371-9FF2FC92EE5F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{54440FCB-CB65-4518-B804-308C9756CF51}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{548CCA43-D36D-466C-AC57-2603D9360079}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{568FFB08-7170-4FF7-B5F6-640C9786205A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{568FFB08-7170-4FF7-B5F6-640C9786205A}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5690D675-374E-4519-B639-F3943E25A827}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{56934D97-0F90-4A94-90E1-49547E2E901A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{56BDE029-5C37-41DF-B525-D7EC96A0D1C3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{56E745D1-D23E-4B66-BEFC-1921DC80B7A0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5724C6A6-6699-4698-8EDC-97A0C7339E82}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5764D3DB-0194-4C3E-9561-F73478C35A72}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5764D3DB-0194-4C3E-9561-F73478C35A72}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5795A60A-C46B-4873-8AFA-A02133B97630}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{57B9302B-98A6-47D9-8789-D1E0CD39652A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{585D25CC-E71D-48C3-AC35-6308D8FBF1B7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{58B9C7C6-3073-405B-AAB7-8DE891CC146B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{58EF62F0-3D05-4F84-A1F8-B780A56EFB59}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{594E2068-6C2A-4E16-A698-0B64B5DC53CE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5950F9ED-78DE-431E-9172-9C1824D08D71}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{59970A6E-720B-4FFA-8024-CEA21B634A17}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5AB2878E-CCD7-468F-9E8C-C8A21EA3047E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5CB9DEA6-1215-479F-9AA3-7975E95E80F5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5CD6C008-DED4-4C01-9DBC-0075E7F527D5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5D3E0DBB-CAE0-4990-B881-10EC2A2D5293}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5D9AC1EE-B2DC-4DBA-A37D-54D4FA321E28}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5FC1D197-72F7-4ED1-8E80-6ACB4745FED0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6021F90D-B8DA-494B-A4E2-1914957AE801}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{60AE00B1-B149-4692-9565-74B42FB91FD8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{60EB04A7-9EA6-44A9-B431-725D7C74BBCE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{639A1243-DE3E-4395-9558-EAD3B345C6E8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{63A7A5D3-2D3A-4964-83BC-9E59A3A195CD}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6536BA48-56C4-40A1-9C77-974D7C4F6FBE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6835AAFE-5B72-4CC4-970D-DED2F137B0FC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{695DFDE4-9D30-4942-9A2D-282861C6233C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6CCEDBE8-A2EE-4E26-AD35-4A0FC7F765C8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6F2E647A-96D5-4A9D-AB8B-3CF87406DA7E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6F63AF5B-EB80-41E5-A697-CC778320C4ED}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6FC6C760-F87B-4323-9B1D-23640FB253C0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6FD40274-88D9-48E2-8BD1-EA6A01661679}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{718C2589-957B-4946-9C46-DED26BD30A0E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{71B32184-7419-420D-B91F-DEFB345CB710}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{71B3582F-211A-41B8-A116-9112C10B4BEC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{73C32952-EC4F-4134-A83A-009013706CCB}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{73E3B80D-D028-4CA5-B62C-4C6210FD554A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{74138E35-6CC7-4BB6-B517-BD507284A05A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{76C3FA9B-133B-41E6-B2C0-5B44C376B7E9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7839CA5D-3146-4594-8669-E083E971A2E5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{78553183-FE06-4A36-B298-141E8C49CF1B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{78665747-580B-4EBE-A9D4-F149D51C7378}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{78CCA11D-7286-4127-A06F-B13E0150EE7A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{791F7B03-322C-4766-B06E-304C9E65E0FA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7AF338F1-8202-4647-869D-E92F1CE66B28}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7B87FC15-2CE1-4458-886B-1D8854576BEE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7D1B5CF1-123E-483E-97E6-05DD71D90F60}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7D9E68E6-9F69-4195-A527-099D5A427F64}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7F2E8702-1B19-40E5-9B86-F60F04DE5D02}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7F738184-7971-40FD-BC72-1DE67B8AF1E8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7FFD9C27-C25A-4BB6-9341-BA146B9E4735}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{813E247E-FE5D-475D-BE0A-A7D237E01E74}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{81F65284-F285-4F48-815F-900C03965B41}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{82C33E02-D9E6-43F5-A2FD-91B9CDED988A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{82CB81CB-082E-4CB2-8315-98010CBD37E1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8389FD34-6163-463D-A560-9B709FCC6EF4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{83BAD499-98A4-449D-8AEF-BB11E6581143}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{83CF7AFF-A247-4A8F-996E-319BA2F60740}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{84AF913D-C691-4639-93B4-0D5297265456}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{84EA0E0C-D33E-4F09-B3D2-37E1BBCF7EC1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{85AFBE29-0C8F-4AD7-AC4F-46B793CED9B1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{887E5513-0229-4FD6-AF78-C5C17C4E878C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{88B44024-ED8F-408E-83C9-1AF33C122892}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{89A91BBB-4BDF-4BC3-A98B-BA249CBA3623}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8C35AFAA-B61B-4A7D-9056-4A9A52003C21}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8EF3499F-9638-4DCE-9E94-64F3AD8079EA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F12EF04-87D2-4DC7-B0CB-B35EA05C505F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F32AB0A-B6AA-4051-AA20-5D03A3472E7B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F5C495F-54A9-4B7C-A2BC-F431CB1DE418}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F87EA78-D600-4A97-AAEB-0E6D8F4718B2}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8FC6D15F-4B2D-477F-B9A2-BD38337AA4D9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9085EF31-F8EA-4F25-8342-E87987C44D4D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{90E158AB-1DAA-4D75-9A0B-FA70C9A71C4C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9179DB57-D674-474C-AF1F-70001B65B3E6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9185A4BD-6A57-4142-BEF5-5ED5C9F7122F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{91F63999-4ED2-48A2-AE35-8CFC4BB220DC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{93D7C6BF-E3CA-4F8A-9770-9430F8F784A7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9448AE39-669C-47B5-8EC8-1E19548C1D46}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{949B0F5F-54FD-44D9-84BB-CFF2358DF513}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{94BCBC1F-A4DC-4519-8A7A-E61093F944EA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{94E0B4E9-7B91-488E-8A42-C5988F61E02A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{94E6B64F-ED48-47B6-977A-D5CE37239094}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9554D323-F67D-4A23-996B-D10DE3920850}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9633F2FB-C4FF-4C37-B607-88D5723FCF3B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{96361DB1-742E-49DB-951E-E1AB6315C7B0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{96F25C37-C2D4-4C19-8D6F-2D209887E5A6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{974EF636-4446-42A3-8E1F-FA79DDCD2753}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{98ACF335-C183-4170-B4D6-2EC4C2E3134B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{99801A68-4A1A-4390-951F-F13D1AFE57CE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9ADEE842-4480-4185-8233-0DC223B1ED01}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9B11C526-7BD0-43BF-A323-34ED4DD7C223}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9CFC18E0-3992-4A21-AEB9-7635D2ECD275}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9CFFD0A1-17A8-4655-AC18-241E959E70D2}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D14C46E-2098-4EDF-BF1E-24DC38A2B7FA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D3A00C9-7560-4626-B767-6538FBBFEEA6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D69AA22-C28B-46FD-BA97-F7C6AF4FC963}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D7940CA-34E6-43A2-A6C0-F1CC61B268F3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9DB0FED0-D839-4CC2-90DD-978F96F3FD4D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9E98CCED-7FD5-4509-B8FD-30EE5E5E078E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9EE60A7D-DB04-4FE1-85DB-469E2D019E5C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A0B5A0E4-3897-41A5-A4C7-65C836CCC433}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A1578F3E-ECDF-4CD0-8C70-0EA61DF5B4D9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A2E2C2CD-0541-46C3-91FA-C4BF75BA085F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A4047F92-82F0-4E42-99B7-C1C5CE2D972D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A46FF5EB-391D-459A-9130-3C9908166403}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A4B22D01-28E2-4F6E-9AFF-E84E674B18AF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A6C59B62-886C-4FA1-ACC7-9EFEC5C0E70A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A6CA9BDF-B48F-42CC-B60F-250F75EBD54C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A8145E2C-013B-4AE1-AA8F-F30AD34E8566}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A85EF6F2-71E4-44EC-9F1D-89826D2FF6DD}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A8D2D6B3-6398-4F11-B78E-999EFA2C441B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A9CAB2DA-32D5-498C-BCCE-482835F20A26}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AB63F401-8850-479B-985B-FCE8CD93DEEC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ABAAFD75-1040-4AA8-AABB-9107273C4A60}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ABB156BB-10D6-4624-B598-4C00D03FEDFE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ABD5881E-1DF1-4EB2-B021-7AF56562C2EA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ACF17C79-4F41-454C-951E-F397352FF8A0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AD3BC9E5-00FB-489C-9009-3DCC12B1B86D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AE7B6AE7-EBAF-45A9-B587-225AC9B955B6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AEEA3CC3-30FE-4713-A82F-C6D8C06027D1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AF158BD1-9FA6-45DB-9830-900FB26108B8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AF5AA2A0-96F8-4CD8-ABB8-E16A6AD748F7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AF9D8B8D-0B7E-46D0-8F12-1D6FAA589C5D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AFC2D34D-010E-4A75-89C4-C3011E3A7212}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B0FBD61A-751F-4B23-9353-3FD4DDB2A4D4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B18265B6-E6BA-43C7-8BBE-82A425FC23C6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B29EF1B2-CEF6-472A-80F1-CFF0D5F93B60}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B2E6AEFF-AFBE-4C02-BA87-A4D1661859DC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B32BAAD2-3F65-4B5F-B933-4AFF11CEAA40}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B3781649-8510-4A0F-B05D-8B261CBC21BA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B5216047-1CCF-4E14-B5BF-435321A3CA70}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B7523B53-E3D0-4960-946F-01AF4B02D9E8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B95EF27E-48F9-4995-87F3-F0CC27393BA4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B974BF04-61FB-4908-B1D2-CF8E0F207B66}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B9C1B42A-99C0-4A43-B940-B638D67E9E04}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B9C5CCD8-F3BC-471A-81A8-60B0E944CAFA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BAAD42EE-10D5-4B80-9303-FBE795C10F71}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BC185BFE-D82B-4BEF-8987-E5B268426A2D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BC82F468-8D5D-478B-8C99-949EC9C37D83}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BCA60BC3-0226-449E-A50B-65AC5347F0F5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BCB584EE-FCA2-4B71-8D27-64A3F5B4B61F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BDF61680-D7CF-4D6A-9F1A-2CB0C8CC0EDA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BE29A65B-E7EC-4E25-8705-1BDE097386DC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BE3A2E4D-A6DB-4B12-800B-028977BF3CCF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BEED7417-A8F1-44B7-B33F-0BE5C626A21B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BF284990-6DEC-4ACF-A6D7-83E05BB6816C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BFF33F82-5A04-4ECC-BFAB-B20A13425FB4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C03CCE37-7236-4374-9634-EC1E77165087}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C192F635-6EBE-4F20-A0A9-B05CCB57CE01}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C29D8E0E-12E8-48C2-A10F-3258026D1C2C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C318A9AF-C84F-4B66-B093-20AC344F141F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C3D1F656-9D89-4035-B1ED-35C5AA761A36}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C7874A64-B063-4E21-8180-B90FBCD01954}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C78D358D-5931-4CBE-999D-4E0F5208ADB3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C7DBC9FF-649D-459B-BE25-B9A3125D112E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C84ECCDE-E474-4729-9729-E15A5E0F374E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C92B1FC8-7170-4EEB-95F5-35D981A61E7C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C92E7DAD-0DFF-451E-82C9-6363C20756F0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C9C281A1-8D83-4B22-9D2B-9FB42B846679}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB13AE1E-607F-48E8-944A-C98CD516BD4F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB17A372-909D-4A14-8810-655419393F53}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB4C50E6-954D-4736-98E2-502CF0D2456F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB63DF73-2234-4571-92BC-85FBC9F67CCE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CBE413D8-37C2-48BF-8025-CF8A5A625599}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CCA6CC1E-2422-4A54-91BB-BF46174F622C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CD1D9F4D-F8A8-42ED-A225-2A74E172908F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CE8AF608-6A29-4BE7-82E7-AE4F1CCF1771}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CEA4AE4D-0C0D-43AD-A0A1-C269B64DD1FC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CEA86030-2AE1-4D2F-9B95-EB03CAAB4B1D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CEB8A19F-9C4B-4567-AAD7-D7F6EDED7464}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CF6CCB03-8634-4752-A888-8FA683D95FF0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D02257E0-46D9-4937-95C0-5F98F305E1B7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D150634E-FF8E-41D1-9D7C-E844E508E655}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D264A60C-0C4B-4619-9261-ACA4C18F976B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D2EEEE1B-1B95-41DB-A6C8-D51C7143E3A6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D35D7839-1F10-4F15-931E-721103227F9C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D5851643-14B1-416B-AA4F-36F472A4ADBE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D5F9B5BE-E2FB-4DE6-A5C2-A034BA22C05B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D7EF5B10-B23C-4C4C-AEA4-DE665B413335}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D8238BB0-364D-4F04-8A2C-67E98687BD6C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D9130E13-9BDA-483B-92DD-924273A1E13B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DA225612-5593-43CE-92C7-0579759F8419}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DA5E92CC-9E8A-48BC-9AFE-9BCEB3E6F292}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DC006908-1AE5-4CBF-8C1E-70003862D78D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DC0EDD9D-49E3-485B-97CB-A0074DBF1268}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DC99A200-128C-4DE9-BB6F-63EE170E2D6B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DD7716AB-455A-4DD9-AEFE-6F605DCD6C9A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DDD061E4-AFD2-40C8-A581-537B172E17B5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DE381838-DA12-493C-922F-D8CB6940D7AF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DECA272B-22BF-4EA8-9C0E-3A0A0BB9CD7C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DF3BEA7E-3659-49B8-AFEB-CB6FEF200DF5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DFFC49CD-8B1C-46F1-A591-4A2E4997F514}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E10DC97F-7EB5-4A31-8546-8FC7E0343CCC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E2DBAC47-89D9-4450-BD61-48B51D3A8731}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E30630C6-6A8B-492D-958C-FE5065AF392B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E37995D2-1679-4AB5-B046-5CA29DE6119B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E4016207-DEA4-4032-999F-27DF0C8387FE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E408C383-A9B9-4E2A-B23C-B85B17AD3320}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E44D0A60-785E-41B6-A6EA-7456341CD0B0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E46F31B1-0DAD-4BBF-B51D-7E3B1EE1D43B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E4879C87-4923-425C-B898-9720087F452F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E767D51A-65CE-4803-90D3-737AF620E194}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E7C83C64-8941-4317-98F5-C31DDCE3BA65}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E81D51D7-5358-45DB-BE3F-24E640A2E1AC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E8CC822C-080F-40AF-95DB-ECA423B1E07E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E8D70E48-DE23-4828-A15B-1E2AB0B536D2}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9514578-9EF1-4200-A085-D7AF589A1AAC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9514578-9EF1-4200-A085-D7AF589A1AAC}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9CF49A4-FB5D-4ECA-A4FF-96085012812A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9E36431-613D-40C3-B485-575FA18983F7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EA5A608F-4C12-4D5A-B0F2-D27158DC1CE0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EA9524F9-F9C1-42BB-8791-4FBFCF684277}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EAB12092-50DD-4FDC-A12E-0D046E86B943}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EC8E51FE-45E4-41E5-A652-18187B6A0FF1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ECB78E4F-B2CE-43C2-8336-E9D8438ADF37}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ED526757-FE2F-4BE6-8C6E-314218763B76}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ED848364-6CA9-4878-B51D-4AE1128E483A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EE14CC3A-C7C1-40F3-B777-F91F247D8A24}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EE239B2D-8D5E-4C9A-A264-0B2AC5ED1A94}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EE42C7BD-B87D-4821-AB8D-B70B4704AE44}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EFB202B6-3D42-4146-8B49-EFD05A16079B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EFF36C07-1A66-418E-832A-CB549719C997}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F0826109-ED0D-471E-ACD1-BFF0A934BD7C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F28F391F-028A-43A6-A258-113D29F1E80E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F4185AED-C32D-4F78-8DB1-C7A482AE257D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F42DDC49-8E93-47C7-ABBF-9EA15BA0656D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F53D1030-8981-4D86-8FBF-020D742E35B3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F551E6B6-D2A1-4F6D-B12F-F4859B543766}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F68843EF-6E5E-48FB-97CA-A78E05BF9C7F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F7A625DF-A6E8-4D2D-B324-6243E7BA506E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F8E36B2B-8B8E-4161-AE58-75CEBE400720}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FAA9D50E-02AA-4A50-A1E6-F2A5FFEEBB49}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FB73422C-0EB3-4292-B84B-26C1BA9FD1C7}.BAK Object is locked skipped
C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\dab6006b.$$$ Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\Users\chris\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\chris\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\chris\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.rsp skipped
C:\Users\chris\Desktop\dance\destination calabria club mix.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\_OTMoveIt\MovedFiles\05172008_140621\Windows\system32\awtTlIxW.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped

Scan process completed.
chrispeters is offline  
Old 05-18-2008, 10:20 AM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

Things are looking good from here, also. Just a couple more steps...

Run OTMoveIt2 by OldTimer
  • Please right click on OTMoveit2.exe and select "Run as an Administrator" to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Quote:
    C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\dab6006b.$$$
    C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1]
    C:\Users\chris\Desktop\dance\destination calabria club mix.mp3
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

================================

Can you be more specific regarding
Quote:
keep all the anti spyware programs
Some we will remove. Some you may want to keep for the future.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 05-18-2008, 02:12 PM   #14 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

hi just to say that the pop ups have stopped and the laptop is running 'good as new'

thank u for doing this for me, it's much appreciated as u r a life saver.

another question.. would it be better to leave the antispyware on the laptop, or uninstall them?

anyway here is the scanner report..

thanks in advance:)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 18, 2008 5:07:03 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 782869
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 83384
Number of viruses found: 6
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 0124

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\efcYOiiJ.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\hgGwTNgH.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\iifcDwvt.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\irvmqpqr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rjn skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\qoMghEXo.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\ssqRkkJd.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00015724 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp0001a4a7 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00024d06 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00028e1b Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp00036096 Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\tmp0003be9d Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\vtUlMcDs.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\wiornwvb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rjo skipped
C:\Deckard\System Scanner\20080517204406\backup\Users\chris\AppData\Local\Temp\wvUoPgdc.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
C:\ProgramData\Symantec\Common Client\{529A62FE-0C02-4139-847D-2C717F36580F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52A38796-58C4-4428-A4C0-97BCC8FF874D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52C49DCA-FA76-412D-B911-26002732FD17}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52EE3D8D-AD0F-4B0A-B1F1-FBA8E6D031ED}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{52F30371-E07F-4579-9DA2-1BFECD46D80D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5352CF27-F126-4623-8371-9FF2FC92EE5F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{54440FCB-CB65-4518-B804-308C9756CF51}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{548CCA43-D36D-466C-AC57-2603D9360079}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{568FFB08-7170-4FF7-B5F6-640C9786205A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{568FFB08-7170-4FF7-B5F6-640C9786205A}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5690D675-374E-4519-B639-F3943E25A827}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{56934D97-0F90-4A94-90E1-49547E2E901A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{56BDE029-5C37-41DF-B525-D7EC96A0D1C3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{56E745D1-D23E-4B66-BEFC-1921DC80B7A0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5724C6A6-6699-4698-8EDC-97A0C7339E82}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5764D3DB-0194-4C3E-9561-F73478C35A72}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5764D3DB-0194-4C3E-9561-F73478C35A72}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5795A60A-C46B-4873-8AFA-A02133B97630}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{57B9302B-98A6-47D9-8789-D1E0CD39652A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{585D25CC-E71D-48C3-AC35-6308D8FBF1B7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{58B9C7C6-3073-405B-AAB7-8DE891CC146B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{58EF62F0-3D05-4F84-A1F8-B780A56EFB59}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{594E2068-6C2A-4E16-A698-0B64B5DC53CE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5950F9ED-78DE-431E-9172-9C1824D08D71}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{59970A6E-720B-4FFA-8024-CEA21B634A17}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5AB2878E-CCD7-468F-9E8C-C8A21EA3047E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5CB9DEA6-1215-479F-9AA3-7975E95E80F5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5CD6C008-DED4-4C01-9DBC-0075E7F527D5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5D3E0DBB-CAE0-4990-B881-10EC2A2D5293}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5D9AC1EE-B2DC-4DBA-A37D-54D4FA321E28}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{5FC1D197-72F7-4ED1-8E80-6ACB4745FED0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6021F90D-B8DA-494B-A4E2-1914957AE801}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{60AE00B1-B149-4692-9565-74B42FB91FD8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{60EB04A7-9EA6-44A9-B431-725D7C74BBCE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{639A1243-DE3E-4395-9558-EAD3B345C6E8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{63A7A5D3-2D3A-4964-83BC-9E59A3A195CD}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6536BA48-56C4-40A1-9C77-974D7C4F6FBE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6835AAFE-5B72-4CC4-970D-DED2F137B0FC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{695DFDE4-9D30-4942-9A2D-282861C6233C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6CCEDBE8-A2EE-4E26-AD35-4A0FC7F765C8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6F2E647A-96D5-4A9D-AB8B-3CF87406DA7E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6F63AF5B-EB80-41E5-A697-CC778320C4ED}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6FC6C760-F87B-4323-9B1D-23640FB253C0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{6FD40274-88D9-48E2-8BD1-EA6A01661679}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{718C2589-957B-4946-9C46-DED26BD30A0E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{71B32184-7419-420D-B91F-DEFB345CB710}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{71B3582F-211A-41B8-A116-9112C10B4BEC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{73C32952-EC4F-4134-A83A-009013706CCB}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{73E3B80D-D028-4CA5-B62C-4C6210FD554A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{74138E35-6CC7-4BB6-B517-BD507284A05A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{76C3FA9B-133B-41E6-B2C0-5B44C376B7E9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7839CA5D-3146-4594-8669-E083E971A2E5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{78553183-FE06-4A36-B298-141E8C49CF1B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{78665747-580B-4EBE-A9D4-F149D51C7378}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{78CCA11D-7286-4127-A06F-B13E0150EE7A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{791F7B03-322C-4766-B06E-304C9E65E0FA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7AF338F1-8202-4647-869D-E92F1CE66B28}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7B87FC15-2CE1-4458-886B-1D8854576BEE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7D1B5CF1-123E-483E-97E6-05DD71D90F60}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7D9E68E6-9F69-4195-A527-099D5A427F64}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7F2E8702-1B19-40E5-9B86-F60F04DE5D02}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7F738184-7971-40FD-BC72-1DE67B8AF1E8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{7FFD9C27-C25A-4BB6-9341-BA146B9E4735}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{813E247E-FE5D-475D-BE0A-A7D237E01E74}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{81F65284-F285-4F48-815F-900C03965B41}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{82C33E02-D9E6-43F5-A2FD-91B9CDED988A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{82CB81CB-082E-4CB2-8315-98010CBD37E1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8389FD34-6163-463D-A560-9B709FCC6EF4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{83BAD499-98A4-449D-8AEF-BB11E6581143}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{83CF7AFF-A247-4A8F-996E-319BA2F60740}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{84AF913D-C691-4639-93B4-0D5297265456}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{84EA0E0C-D33E-4F09-B3D2-37E1BBCF7EC1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{85AFBE29-0C8F-4AD7-AC4F-46B793CED9B1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{887E5513-0229-4FD6-AF78-C5C17C4E878C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{88B44024-ED8F-408E-83C9-1AF33C122892}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{89A91BBB-4BDF-4BC3-A98B-BA249CBA3623}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8C35AFAA-B61B-4A7D-9056-4A9A52003C21}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8EF3499F-9638-4DCE-9E94-64F3AD8079EA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F12EF04-87D2-4DC7-B0CB-B35EA05C505F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F32AB0A-B6AA-4051-AA20-5D03A3472E7B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F5C495F-54A9-4B7C-A2BC-F431CB1DE418}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8F87EA78-D600-4A97-AAEB-0E6D8F4718B2}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{8FC6D15F-4B2D-477F-B9A2-BD38337AA4D9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9085EF31-F8EA-4F25-8342-E87987C44D4D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{90E158AB-1DAA-4D75-9A0B-FA70C9A71C4C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9179DB57-D674-474C-AF1F-70001B65B3E6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9185A4BD-6A57-4142-BEF5-5ED5C9F7122F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{91F63999-4ED2-48A2-AE35-8CFC4BB220DC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{93D7C6BF-E3CA-4F8A-9770-9430F8F784A7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9448AE39-669C-47B5-8EC8-1E19548C1D46}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{949B0F5F-54FD-44D9-84BB-CFF2358DF513}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{94BCBC1F-A4DC-4519-8A7A-E61093F944EA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{94E0B4E9-7B91-488E-8A42-C5988F61E02A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{94E6B64F-ED48-47B6-977A-D5CE37239094}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9554D323-F67D-4A23-996B-D10DE3920850}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9633F2FB-C4FF-4C37-B607-88D5723FCF3B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{96361DB1-742E-49DB-951E-E1AB6315C7B0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{96F25C37-C2D4-4C19-8D6F-2D209887E5A6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{974EF636-4446-42A3-8E1F-FA79DDCD2753}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{98ACF335-C183-4170-B4D6-2EC4C2E3134B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{99801A68-4A1A-4390-951F-F13D1AFE57CE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9ADEE842-4480-4185-8233-0DC223B1ED01}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9B11C526-7BD0-43BF-A323-34ED4DD7C223}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9CFC18E0-3992-4A21-AEB9-7635D2ECD275}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9CFFD0A1-17A8-4655-AC18-241E959E70D2}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D14C46E-2098-4EDF-BF1E-24DC38A2B7FA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D3A00C9-7560-4626-B767-6538FBBFEEA6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D69AA22-C28B-46FD-BA97-F7C6AF4FC963}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9D7940CA-34E6-43A2-A6C0-F1CC61B268F3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9DB0FED0-D839-4CC2-90DD-978F96F3FD4D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9E98CCED-7FD5-4509-B8FD-30EE5E5E078E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{9EE60A7D-DB04-4FE1-85DB-469E2D019E5C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A0B5A0E4-3897-41A5-A4C7-65C836CCC433}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A1578F3E-ECDF-4CD0-8C70-0EA61DF5B4D9}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A2E2C2CD-0541-46C3-91FA-C4BF75BA085F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A4047F92-82F0-4E42-99B7-C1C5CE2D972D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A46FF5EB-391D-459A-9130-3C9908166403}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A4B22D01-28E2-4F6E-9AFF-E84E674B18AF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A6C59B62-886C-4FA1-ACC7-9EFEC5C0E70A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A6CA9BDF-B48F-42CC-B60F-250F75EBD54C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A8145E2C-013B-4AE1-AA8F-F30AD34E8566}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A85EF6F2-71E4-44EC-9F1D-89826D2FF6DD}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A8D2D6B3-6398-4F11-B78E-999EFA2C441B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{A9CAB2DA-32D5-498C-BCCE-482835F20A26}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AB63F401-8850-479B-985B-FCE8CD93DEEC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ABAAFD75-1040-4AA8-AABB-9107273C4A60}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ABB156BB-10D6-4624-B598-4C00D03FEDFE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ABD5881E-1DF1-4EB2-B021-7AF56562C2EA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ACF17C79-4F41-454C-951E-F397352FF8A0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AD3BC9E5-00FB-489C-9009-3DCC12B1B86D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AE7B6AE7-EBAF-45A9-B587-225AC9B955B6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AEEA3CC3-30FE-4713-A82F-C6D8C06027D1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AF158BD1-9FA6-45DB-9830-900FB26108B8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AF5AA2A0-96F8-4CD8-ABB8-E16A6AD748F7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AF9D8B8D-0B7E-46D0-8F12-1D6FAA589C5D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{AFC2D34D-010E-4A75-89C4-C3011E3A7212}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B0FBD61A-751F-4B23-9353-3FD4DDB2A4D4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B18265B6-E6BA-43C7-8BBE-82A425FC23C6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B29EF1B2-CEF6-472A-80F1-CFF0D5F93B60}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B2E6AEFF-AFBE-4C02-BA87-A4D1661859DC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B32BAAD2-3F65-4B5F-B933-4AFF11CEAA40}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B3781649-8510-4A0F-B05D-8B261CBC21BA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B5216047-1CCF-4E14-B5BF-435321A3CA70}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B7523B53-E3D0-4960-946F-01AF4B02D9E8}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B95EF27E-48F9-4995-87F3-F0CC27393BA4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B974BF04-61FB-4908-B1D2-CF8E0F207B66}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B9C1B42A-99C0-4A43-B940-B638D67E9E04}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{B9C5CCD8-F3BC-471A-81A8-60B0E944CAFA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BAAD42EE-10D5-4B80-9303-FBE795C10F71}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BC185BFE-D82B-4BEF-8987-E5B268426A2D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BC82F468-8D5D-478B-8C99-949EC9C37D83}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BCA60BC3-0226-449E-A50B-65AC5347F0F5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BCB584EE-FCA2-4B71-8D27-64A3F5B4B61F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BDF61680-D7CF-4D6A-9F1A-2CB0C8CC0EDA}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BE29A65B-E7EC-4E25-8705-1BDE097386DC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BE3A2E4D-A6DB-4B12-800B-028977BF3CCF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BEED7417-A8F1-44B7-B33F-0BE5C626A21B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BF284990-6DEC-4ACF-A6D7-83E05BB6816C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{BFF33F82-5A04-4ECC-BFAB-B20A13425FB4}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C03CCE37-7236-4374-9634-EC1E77165087}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C192F635-6EBE-4F20-A0A9-B05CCB57CE01}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C29D8E0E-12E8-48C2-A10F-3258026D1C2C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C318A9AF-C84F-4B66-B093-20AC344F141F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C3D1F656-9D89-4035-B1ED-35C5AA761A36}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C7874A64-B063-4E21-8180-B90FBCD01954}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C78D358D-5931-4CBE-999D-4E0F5208ADB3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C7DBC9FF-649D-459B-BE25-B9A3125D112E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C84ECCDE-E474-4729-9729-E15A5E0F374E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C92B1FC8-7170-4EEB-95F5-35D981A61E7C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C92E7DAD-0DFF-451E-82C9-6363C20756F0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{C9C281A1-8D83-4B22-9D2B-9FB42B846679}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB13AE1E-607F-48E8-944A-C98CD516BD4F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB17A372-909D-4A14-8810-655419393F53}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB4C50E6-954D-4736-98E2-502CF0D2456F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CB63DF73-2234-4571-92BC-85FBC9F67CCE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CBE413D8-37C2-48BF-8025-CF8A5A625599}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CCA6CC1E-2422-4A54-91BB-BF46174F622C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CD1D9F4D-F8A8-42ED-A225-2A74E172908F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CE8AF608-6A29-4BE7-82E7-AE4F1CCF1771}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CEA4AE4D-0C0D-43AD-A0A1-C269B64DD1FC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CEA86030-2AE1-4D2F-9B95-EB03CAAB4B1D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CEB8A19F-9C4B-4567-AAD7-D7F6EDED7464}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{CF6CCB03-8634-4752-A888-8FA683D95FF0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D02257E0-46D9-4937-95C0-5F98F305E1B7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D150634E-FF8E-41D1-9D7C-E844E508E655}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D264A60C-0C4B-4619-9261-ACA4C18F976B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D2EEEE1B-1B95-41DB-A6C8-D51C7143E3A6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D35D7839-1F10-4F15-931E-721103227F9C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D5851643-14B1-416B-AA4F-36F472A4ADBE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D5F9B5BE-E2FB-4DE6-A5C2-A034BA22C05B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D7EF5B10-B23C-4C4C-AEA4-DE665B413335}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D8238BB0-364D-4F04-8A2C-67E98687BD6C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{D9130E13-9BDA-483B-92DD-924273A1E13B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DA225612-5593-43CE-92C7-0579759F8419}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DA5E92CC-9E8A-48BC-9AFE-9BCEB3E6F292}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DC006908-1AE5-4CBF-8C1E-70003862D78D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DC0EDD9D-49E3-485B-97CB-A0074DBF1268}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DC99A200-128C-4DE9-BB6F-63EE170E2D6B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DD7716AB-455A-4DD9-AEFE-6F605DCD6C9A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DDD061E4-AFD2-40C8-A581-537B172E17B5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DE381838-DA12-493C-922F-D8CB6940D7AF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DECA272B-22BF-4EA8-9C0E-3A0A0BB9CD7C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DF3BEA7E-3659-49B8-AFEB-CB6FEF200DF5}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{DFFC49CD-8B1C-46F1-A591-4A2E4997F514}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E10DC97F-7EB5-4A31-8546-8FC7E0343CCC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E2DBAC47-89D9-4450-BD61-48B51D3A8731}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E30630C6-6A8B-492D-958C-FE5065AF392B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E37995D2-1679-4AB5-B046-5CA29DE6119B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E4016207-DEA4-4032-999F-27DF0C8387FE}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E408C383-A9B9-4E2A-B23C-B85B17AD3320}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E44D0A60-785E-41B6-A6EA-7456341CD0B0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E46F31B1-0DAD-4BBF-B51D-7E3B1EE1D43B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E4879C87-4923-425C-B898-9720087F452F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E767D51A-65CE-4803-90D3-737AF620E194}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E7C83C64-8941-4317-98F5-C31DDCE3BA65}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E81D51D7-5358-45DB-BE3F-24E640A2E1AC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E8CC822C-080F-40AF-95DB-ECA423B1E07E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E8D70E48-DE23-4828-A15B-1E2AB0B536D2}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9514578-9EF1-4200-A085-D7AF589A1AAC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9514578-9EF1-4200-A085-D7AF589A1AAC}.DAT Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9CF49A4-FB5D-4ECA-A4FF-96085012812A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{E9E36431-613D-40C3-B485-575FA18983F7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EA5A608F-4C12-4D5A-B0F2-D27158DC1CE0}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EA9524F9-F9C1-42BB-8791-4FBFCF684277}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EAB12092-50DD-4FDC-A12E-0D046E86B943}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EC8E51FE-45E4-41E5-A652-18187B6A0FF1}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ECB78E4F-B2CE-43C2-8336-E9D8438ADF37}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ED526757-FE2F-4BE6-8C6E-314218763B76}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{ED848364-6CA9-4878-B51D-4AE1128E483A}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EE14CC3A-C7C1-40F3-B777-F91F247D8A24}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EE239B2D-8D5E-4C9A-A264-0B2AC5ED1A94}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EE42C7BD-B87D-4821-AB8D-B70B4704AE44}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EFB202B6-3D42-4146-8B49-EFD05A16079B}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{EFF36C07-1A66-418E-832A-CB549719C997}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F0826109-ED0D-471E-ACD1-BFF0A934BD7C}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F28F391F-028A-43A6-A258-113D29F1E80E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F4185AED-C32D-4F78-8DB1-C7A482AE257D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F42DDC49-8E93-47C7-ABBF-9EA15BA0656D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F53D1030-8981-4D86-8FBF-020D742E35B3}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F551E6B6-D2A1-4F6D-B12F-F4859B543766}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F68843EF-6E5E-48FB-97CA-A78E05BF9C7F}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F7A625DF-A6E8-4D2D-B324-6243E7BA506E}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{F8E36B2B-8B8E-4161-AE58-75CEBE400720}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FAA9D50E-02AA-4A50-A1E6-F2A5FFEEBB49}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FB73422C-0EB3-4292-B84B-26C1BA9FD1C7}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FD7B635A-1973-43E0-866E-917C4E371EA2}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FDE32753-6A65-49BE-B92A-9803188BC9DF}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FE0A5142-1B50-4068-B49E-74ADE4A4BC80}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FE2D7AA3-9E33-47DF-8819-F93F6A612A5D}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FE7016F8-57C2-4EB0-AB34-DD4BA4F1D526}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FE83BA8C-B477-4A10-A1D9-D249039B38B6}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FECA600D-A5AF-48AC-9D30-9ABB916B3D56}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FF329076-6AED-4664-B252-EFCF34E8E9EC}.BAK Object is locked skipped
C:\ProgramData\Symantec\Common Client\{FF97432F-9F9E-48D4-B3CE-ED0B1BA1A420}.BAK Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-18_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{58AAEF31-6831-41B7-A95F-77004AF407EB}.ldb Object is locked skipped
C:\ProgramData\Symantec\SPBBC\Shl_{58AAEF31-6831-41B7-A95F-77004AF407EB}.sds Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7b6648db1a8e0b47f3909e331c543726_7b2cba51-9c2c-4b47-be76-03bc0cc8b99c Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca2e4766884465d9fd68e05e809b33ac_7b2cba51-9c2c-4b47-be76-03bc0cc8b99c Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dcef218e58603cd440a575a0fb8e1c05_7b2cba51-9c2c-4b47-be76-03bc0cc8b99c Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog13.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog14.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog16.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog17.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\dab6006b.$$$ Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\Users\chris\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\chris\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\chris\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.rsp skipped
C:\Users\chris\Desktop\dance\destination calabria club mix.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\_OTMoveIt\MovedFiles\05172008_140621\Windows\system32\awtTlIxW.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped

Scan process completed.
chrispeters is offline  
Old 05-18-2008, 02:32 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

Hi -

You've posted the log from the Kaspersky online scanner, not the newest log from OTMoveIt.

That log should be located here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Also, I asked in my last post if you could be more specific regarding:

Quote:
another question.. would it be better to leave the antispyware on the laptop, or uninstall them?

Which ones?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 05-19-2008, 04:32 AM   #16 (permalink)
Registered User
 
Join Date: May 2008
Posts: 9
OS: vista


Re: Pop Ups Galore - Cant even operate IE

Sorry about that,
I was talking about Spybot, Malwarebytes' Anti-Malware, mbam-setup.exe, OTMoveIt2.exe, ComboFix.exe.exe, dss.exe, and SpywareBlaster.

here is the log

C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\dab6006b.$$$ moved successfully.
< C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1] >
C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1] moved successfully.
C:\Users\chris\Desktop\dance\destination calabria club mix.mp3 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05192008_112921
chrispeters is offline  
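The cross-check between the two logs in this exchange, as an added example that is not part of either post: it drops the "Object is locked" noise from the Kaspersky output, then matches each detection against the "moved successfully" lines in the OTMoveIt log. The log lines are copied from the thread; treating anything under `C:\_OTMoveIt\MovedFiles\` as already moved by an earlier OTMoveIt run is an assumption of this example.

```python
import re

# Lines copied from the two logs posted in this thread; two of the
# "Object is locked" entries are kept to show what gets filtered out.
KASPERSKY_LOG = r"""
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\dab6006b.$$$ Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.rsp skipped
C:\Users\chris\Desktop\dance\destination calabria club mix.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\_OTMoveIt\MovedFiles\05172008_140621\Windows\system32\awtTlIxW.dll Infected: Trojan-Downloader.Win32.ConHook.pr skipped
"""

OTMOVEIT_LOG = r"""
C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\dab6006b.$$$ moved successfully.
< C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1] >
C:\Users\chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF1WZ77I\iddqd[1] moved successfully.
C:\Users\chris\Desktop\dance\destination calabria club mix.mp3 moved successfully.
"""

# Paths contain spaces, so anchor on the fixed trailer of each line type.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED = re.compile(r"^.+ Object is locked skipped$")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
# Assumption: files under this folder were moved by an earlier OTMoveIt run.
QUARANTINE_PREFIX = "c:\\_otmoveit\\movedfiles\\"


def parse_scan(text):
    """Return ([(path, detection_name), ...], number_of_locked_lines)."""
    detections, locked = [], 0
    for line in text.splitlines():
        line = line.strip()
        m = INFECTED.match(line)
        if m:
            detections.append((m["path"], m["name"]))
        elif LOCKED.match(line):
            locked += 1
    return detections, locked


def parse_moved(text):
    """Return the set of moved paths, lower-cased (Windows paths ignore case)."""
    return {m["path"].lower()
            for line in text.splitlines()
            if (m := MOVED.match(line.strip()))}


def reconcile(detections, moved):
    """Sort each detection into moved / quarantined / outstanding."""
    report = {"moved": [], "quarantined": [], "outstanding": []}
    for path, name in detections:
        key = path.lower()
        if key in moved:
            report["moved"].append(name)
        elif key.startswith(QUARANTINE_PREFIX):
            report["quarantined"].append(name)
        else:
            report["outstanding"].append(name)
    return report


if __name__ == "__main__":
    found, locked_count = parse_scan(KASPERSKY_LOG)
    print(f"{locked_count} locked files ignored")
    for bucket, names in reconcile(found, parse_moved(OTMOVEIT_LOG)).items():
        print(f"{bucket}: {names}")
```

Anything left in `outstanding` is a detection that neither log accounts for and is what a helper would ask about next.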
Old 05-19-2008, 09:19 AM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home


Re: Pop Ups Galore - Cant even operate IE

OK, great.

Some items we will be deleting.

Spybot S&D, and Malwarebytes' Antimalware would be good applications to keep, update, and run scans with once in a while.

Spywareblaster is a nice application to keep, as it protects the machine and uses little in the way of system resources. Update it every other week or so, and then enable the new protection definitions, as outlined in this tutorial:

http://www.techsupportforum.com/cont...ticles/41.html

mbam-setup.exe can be deleted

OTMoveIt2.exe, ComboFix.exe, dss.exe will be removed using the following procedures:

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

===========================================

Please right click on OTMoveit2.exe and select "Run as an Administrator" to run it. Click on the Cleanup button. Follow the prompts. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. The system may require a reboot to complete this step. Please allow it.

===========================================

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
tetonbob is offline  
All times are GMT -7. The time now is 03:17 PM.



Copyright 2001 - 2009, Tech Support Forum