Author Topic: help needed  (Read 1698 times)

Offline johnmci123

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
help needed
« on: November 02, 2007, 06:50:16 AM »
Firstly, thanks for looking.

I have been having trouble with my PC for a number of weeks now. I'm very computer literate, as I'm doing a degree in the subject, but I need some advice.

I started getting constant virus attacks, which AVG kept telling me about; every time I delete them they just repopulate, so I get annoying messages quite often. The computer was rebooting and I was getting the blue screen sometimes, and when rebooted it would come back on, so I found MSN Messenger beta was the fault for that.

The trouble is I don't have the time to reinstall everything on the PC, as I'm busy with it for study. Any help would be greatly appreciated. System Restore fails to work when I tried it also, no matter which point I chose.


Here is my HJT log, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:54, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {435D08DD-665E-474F-B977-5EE75A2BDCB2} - C:\WINDOWS\system32\vtuvwxw.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.196.24/DGTx.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtuvwxw - C:\WINDOWS\SYSTEM32\vtuvwxw.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 6421 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
help needed
« Reply #1 on: November 02, 2007, 06:55:08 AM »
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Its default location is C:\Combofix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the combofix log please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline johnmci123

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
help needed
« Reply #2 on: November 02, 2007, 01:52:10 PM »
[quote name='guestolo' post='402297' date='Nov 2 2007, 11:55 AM']Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Its default location is C:\Combofix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the combofix log please[/quote]


Thanks for your time and effort, much appreciated.
Here is the log you requested. Also, I had lots of virus alerts from AVG, one after the other, while ComboFix was working, all of which I moved to the vault. Also, there was an error-report request to Microsoft about something; I never sent it.
ComboFix 07-11-01.1 - john 2007-11-02 18:43:14.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1509 [GMT 0:00]
Running from: C:\Documents and Settings\john\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmnooom.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqqrrr.dll
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtuvwxw.dll

.
(((((((((((((((((((((((((   Files Created from 2007-10-02 to 2007-11-02  )))))))))))))))))))))))))))))))
.

2007-11-02 18:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 11:28 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 23:32 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-30 17:48 <DIR> d-------- C:\Program Files\Skyline Screensaver
2007-10-28 15:06 <DIR> d-------- C:\Program Files\Disc2Phone
2007-10-28 14:53 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-24 12:51 <DIR> d-------- C:\WINDOWS\Cameleon Clock
2007-10-24 12:51 <DIR> d-------- C:\Program Files\Cameleon Clock
2007-10-23 15:12 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-10-23 15:12 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-10-23 15:12 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-10-23 04:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\tcpIQ
2007-10-23 02:12 <DIR> d-------- C:\Program Files\SiSoftware
2007-10-23 02:00 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-10-22 23:48 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
2007-10-22 23:48 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
2007-10-22 23:48 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-22 23:48 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-22 23:17 <DIR> d-------- C:\Documents and Settings\john\Application Data\Printer Info Cache
2007-10-22 23:17 <DIR> d-------- C:\Documents and Settings\john\Application Data\Image Zone Express
2007-10-21 17:16 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2007-10-21 17:00 <DIR> d-------- C:\Program Files\RMClock
2007-10-21 16:59 <DIR> d-------- C:\WINDOWS\CPU & Ram Meter
2007-10-21 16:59 <DIR> d-------- C:\Program Files\CPU & Ram Meter
2007-10-21 16:53 <DIR> d-------- C:\Program Files\tcpIQ
2007-10-21 16:52 <DIR> d-------- C:\Program Files\Cablenut
2007-10-21 16:08 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-10-21 16:08 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2007-10-21 15:44 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-10-21 15:44 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2007-10-19 00:41 <DIR> d-------- C:\Documents and Settings\john\Application Data\Skype
2007-10-19 00:40 <DIR> d-------- C:\Program Files\Skype
2007-10-19 00:40 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-19 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-18 22:20 <DIR> d-------- C:\Program Files\PowerISO
2007-10-18 15:29 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-10-18 15:29 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2007-10-18 15:29 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-10-18 15:29 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2007-10-18 14:48 <DIR> d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2007-10-18 10:27 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-18 10:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-18 10:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-18 10:26 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-17 10:40 <DIR> d-------- C:\Program Files\SpeedFan
2007-10-16 16:46 <DIR> d-------- C:\Documents and Settings\john\Application Data\Media Player Classic
2007-10-12 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-12 21:54 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-12 17:29 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 11:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-11 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-11 15:41 <DIR> d-------- C:\temp
2007-10-11 15:41 <DIR> d-------- C:\HP
2007-10-11 15:41 19,072 --a------ C:\WINDOWS\system32\drivers\PS2.sys
2007-10-11 15:37 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-10-11 15:00 <DIR> d-------- C:\Program Files\uTorrent
2007-10-11 15:00 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-10-11 15:00 <DIR> d-------- C:\Documents and Settings\john\Application Data\uTorrent
2007-10-11 14:55 <DIR> d-------- C:\World of Warcraft
2007-10-11 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2007-10-11 14:37 <DIR> d-------- C:\Documents and Settings\john\Application Data\HP
2007-10-11 14:36 <DIR> d-------- C:\Program Files\Common Files\HP
2007-10-11 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-10-11 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-11 14:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-11 14:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-11 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-11 14:35 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-10-11 14:35 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll
2007-10-11 14:35 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-10-11 14:35 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-10-11 14:34 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2007-10-11 14:34 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2007-10-11 14:34 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2007-10-11 14:34 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2007-10-11 14:34 294,912 -ra------ C:\WINDOWS\system32\hpovst10.dll
2007-10-11 14:34 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-10-11 14:34 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-11 14:34 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-11 14:30 <DIR> d-------- C:\Program Files\HP
2007-10-11 14:30 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-11 14:30 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-11 14:30 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-11 14:30 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-11 14:27 130,958 --a------ C:\WINDOWS\hpoins12.dat
2007-10-11 14:27 1,470 --------- C:\WINDOWS\hpomdl12.dat
2007-10-11 14:01 <DIR> d-------- C:\Program Files\Serif
2007-10-11 14:01 21,008 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-10-11 13:49 <DIR> d-------- C:\Documents and Settings\john\Application Data\Ahead
2007-10-11 13:47 <DIR> d-------- C:\Program Files\Nero
2007-10-11 13:47 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-11 13:45 <DIR> d-------- C:\Documents and Settings\john\Application Data\vlc
2007-10-11 13:44 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-11 13:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-11 13:15 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-11 13:15 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-10-11 13:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-11 12:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-11 12:52 <DIR> d-------- C:\Documents and Settings\john\Contacts
2007-10-11 12:51 <DIR> d-------- C:\Program Files\Windows Live

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-11 14:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 11:58 --------- d-----w C:\Program Files\Google
2007-10-11 11:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-11 11:37 61,440 ----a-w C:\WINDOWS\system32\vuins32.dll
2007-10-11 11:37 43,008 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-10-11 11:35 --------- d-----w C:\Program Files\Realtek
2007-10-11 11:21 --------- d-----w C:\Program Files\VIA
2007-10-11 11:09 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-11 11:03 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 15:58 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-08 13:54]
"nwiz"="nwiz.exe" [2006-08-08 13:54 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 14:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 13:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^john^Start Menu^Programs^Startup^CPU & Ram Meter.lnk]
backup=C:\WINDOWS\pss\CPU & Ram Meter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
S3 RTCore32;RTCore32;\??\C:\Program Files\RMClock\RTCore32.sys
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 18:46:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 18:47:27 - machine was rebooted
.
 --- E O F ---

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
help needed
« Reply #3 on: November 02, 2007, 02:21:00 PM »
That looks good.
Can you do the following for me, please?

Supply the below information
Create a .bat file for me
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat

Save this file on the desktop

 
Code:
regedit /e Export.txt "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"

Double click on export.bat
A text file called Export.txt will appear on desktop
Copy and paste the contents back here, please.

In addition, can you supply the following

1. Post a fresh hijackthis log
2. Post an uninstall list from hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

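The value being exported here is the one ComboFix listed under Reg Loading Points: "Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtt.dll. Whatever is named in that REG_MULTI_SZ is loaded into lsass.exe as an LSA authentication package at boot, which is one reason a dropped DLL can outlive per-file deletions: ComboFix removed awvtt.dll, but the loader entry that pulls it into lsass is a registry value, not a file. regedit /e writes such values as hex(7) byte lists (UTF-16LE, NUL-separated, wrapped with a trailing backslash), which are tedious to read by eye. The Python script below is an added example and is not code from this thread or from HijackThis, ComboFix or regedit; it decodes an export of the Lsa key and flags packages that are not the defaults. SAMPLE_EXPORT is a constructed text mirroring what the requested export looks like for this machine, and the EXPECTED default sets are an assumption for a standalone Windows XP host; domain-joined or third-party single-sign-on machines legitimately carry extra entries.

```python
"""Decode a 'regedit /e' export of HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa
and flag LSA packages that are not the defaults. Added example; the
assumptions it makes are marked below."""
import re

# Assumption: defaults for a standalone Windows XP SP2 host. Domain-joined or
# third-party-SSO machines legitimately carry more entries; extend as needed.
EXPECTED = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
    "Security Packages": {"kerberos", "msv1_0", "schannel", "wdigest"},
}

# Constructed sample mirroring the export requested in the thread. hex(7) is
# REG_MULTI_SZ: UTF-16LE bytes, NUL-separated, double-NUL terminated, and
# wrapped by regedit with a trailing backslash on continued lines.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,43,\
  00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,\
  73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,77,00,76,00,74,00,74,00,2e,\
  00,64,00,6c,00,6c,00,00,00,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
  00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
  6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
  00
"lmcompatibilitylevel"=dword:00000000
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
'''

MULTI_SZ_RE = re.compile(r'^"([^"]+)"=hex\(7\):(.*)$')


def join_continuations(text):
    """Rejoin lines that regedit wrapped with a trailing backslash."""
    lines, pending = [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("\\"):
            pending += stripped[:-1]
            continue
        lines.append(pending + stripped)
        pending = ""
    if pending:
        lines.append(pending)
    return lines


def decode_multi_sz(hex_csv):
    """Turn '6d,00,73,00,...' into the list of strings it encodes."""
    raw = bytes(int(h, 16) for h in hex_csv.split(",") if h.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_lsa_export(text):
    """Return {value name: [strings]} for each REG_MULTI_SZ directly under ...\\Lsa.

    Subkeys such as ...\\Lsa\\msv1_0 are skipped; only the key itself holds
    the package lists that lsass loads."""
    values, in_lsa = {}, False
    for line in join_continuations(text):
        if line.startswith("["):
            in_lsa = line.lower().rstrip("]").endswith("\\control\\lsa")
            continue
        match = MULTI_SZ_RE.match(line)
        if in_lsa and match:
            values[match.group(1)] = decode_multi_sz(match.group(2))
    return values


def audit_lsa_packages(values):
    """Return (value name, entry, reason) for each entry outside the expected set."""
    findings = []
    for name, expected in EXPECTED.items():
        for entry in values.get(name, []):
            if entry.lower() in expected:
                continue
            reason = "not a default package"
            if "\\" in entry or entry.lower().endswith(".dll"):
                # Default packages are bare names resolved from system32; an
                # explicit path is how a dropped file gets lsass to load it.
                reason += "; explicit DLL path"
            findings.append((name, entry, reason))
    return findings


if __name__ == "__main__":
    for name, entry, reason in audit_lsa_packages(parse_lsa_export(SAMPLE_EXPORT)):
        print(f"{name}: {entry} -> {reason}")
```

To run it against a real Export.txt, read the file with encoding="utf-16", because regedit writes Unicode .reg files. A finding that carries a full path is the tell: the default packages are bare names resolved from system32. If the DLL is already gone from disk, the stale entry is no longer loading anything, but it is still the loader hook and should be edited back to msv1_0 alone; leaving it costs nothing to the attacker who drops the file again.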


Offline johnmci123

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
help needed
« Reply #4 on: November 02, 2007, 02:34:32 PM »
[quote name='guestolo' post='402339' date='Nov 2 2007, 07:21 PM']That looks good.
Can you do the following for me, please?

Supply the below information
Create a .bat file for me
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat

Save this file on the desktop

Code:
regedit /e Export.txt "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"

Double click on export.bat
A text file called Export.txt will appear on desktop
Copy and paste the contents back here, please.

In addition, can you supply the following

1. Post a fresh hijackthis log
2. Post an uninstall list from hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents[/quote]

Again, many thanks for the speedy reply. First log to follow, then the others as requested.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,43,\
  00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,\
  73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,77,00,76,00,74,00,74,00,2e,\
  00,64,00,6c,00,6c,00,00,00,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
  00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
  6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
  00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:000003b0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
  54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
  00,69,00,64,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern"=hex:6c,0b,bb,49,7d,43,ae,f5,89,7a,10,2e,c1,ab,45,c1,66,31,35,34,61,\
  36,33,38,00,fd,07,00,67,49,00,00,34,fa,07,00,56,82,7c,75,20,fa,07,00,40,fd,\
  07,00,4c,fd,07,00,42,84,f0,98,fe,82,54,17,be,b2,84,f1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup"=hex:60,59,37,6b,3c,ea,67,ae,66

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup"=hex:03,32,dc,8e,b5,f6

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix"=hex:88,f1,a6,c8,74,bb,7e,56,96,81,18,16,ba,f1,71,7b

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time"=hex:4a,0d,ba,12,fc,0b,c8,01

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

Fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:19, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.196.24/DGTx.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 6231 bytes

uninstall log

32 Bit HP CIO Components Installer
Adobe Reader 7.0.8
Allok RM RMVB to AVI MPEG DVD Converter 1.3.4
Ashampoo Burning Studio 6
Ashampoo FireWall 1.20
Ashampoo Music Studio 2007
AVG 7.5
AVG Anti-Spyware 7.5
Cablenut 4.08
Cameleon Clock
CPU & Ram Meter
Disc2Phone
Enhanced Multimedia Keyboard Solution
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
K-Lite Mega Codec Pack 1.53
Line Speed Meter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Premium
PowerISO
Realtek High Definition Audio Driver
Registry Mechanic 6.0
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Serif DrawPlus 6.0
SiSoftware Sandra Lite XIIc
Skyline Screensaver
Skype™ 3.5
SpeedFan (remove only)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.6c
Windows Desktop Search 3.01
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery Beta
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinFast® Display Driver
World of Warcraft

there you go!

Offline guestolo
help needed
« Reply #5 on: November 02, 2007, 03:00:03 PM »
Since you know your way around the computer,
can I have you manually edit the registry, please?

Go to START>>RUN>>type in regedit
Hit OK

Navigate to this key
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

By doing the following
Expand
(+)HKEY_LOCAL_MACHINE
(+)system
(+)currentcontrolset
(+)control

Left click once on lsa on the left to highlight it
On the right hand side look for
Authentication Packages

Double click on Authentication Packages to open
Under Value Data it should Only look like the following

msv1_0

Leave only the entry above, but remove the text after it:
C:\WINDOWS\system32\awvtt.dll <- remove this
Click OK and exit the registry editor

Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.196.24/DGTx.CAB


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in Windows
I suggest that you do the following:
Add SpywareBlaster to your protection software

SpywareBlaster 3.5.1 by JavaCool
    * Will block bad ActiveX controls
    * Blocks malevolent cookies in Internet Explorer and Firefox
    * Restricts actions of potentially dangerous sites in Internet Explorer
After installation, check for updates
After updating, select "Protection" on the left
Then select "Enable all Protection"
Check for updates every couple of weeks
After every update, simply click "Enable protection on all unprotected items"

Post one last fresh hijackthis log and let me know how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
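The registry check guestolo walks through above, written as a script. This is an added example, not part of the original thread and not HijackThis code: HijackThis 2.0.2 does not list the LSA package values (none appear in the logs above), which is why the fix had to be done in regedit. The script reads the three REG_MULTI_SZ lists under HKLM\SYSTEM\CurrentControlSet\Control\Lsa and flags any entry that carries a path or an explicit .dll extension (legitimate packages are referenced by bare module name, so an appended "C:\WINDOWS\system32\awvtt.dll" stands out) or that is missing from a baseline. The baseline names are assumptions for a default Windows XP SP2 install, and the script assumes a PowerShell 2.0 or later shell run as an administrator; compare the baseline against a known-clean machine before trusting it.

```powershell
# Added example: audit the LSA package lists that HijackThis does not report.
# Assumptions (not from the thread): the baseline names below match a clean
# Windows XP SP2 install; verify them against a known-good machine first.

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Value name -> expected entries. REG_MULTI_SZ values come back as string[].
$Baseline = @{
    'Authentication Packages' = @('msv1_0')
    'Security Packages'       = @('kerberos', 'msv1_0', 'schannel', 'wdigest')
    'Notification Packages'   = @('scecli')
}

function Test-LsaPackageEntry {
    param([string]$Entry, [string[]]$Expected)
    # A legitimate package is listed by module name only (e.g. msv1_0) and is
    # resolved from System32 by LSASS. A drive letter, a path separator or an
    # explicit .dll is exactly how the injected awvtt.dll stood out.
    $reasons = @()
    if ($Entry -match '[\\/:]')        { $reasons += 'contains a path' }
    if ($Entry -match '\.dll$')        { $reasons += 'has an explicit .dll extension' }
    if ($Expected -notcontains $Entry) { $reasons += 'not in baseline' }
    return $reasons
}

function Get-LsaPackageFindings {
    param([string]$Key = $LsaKey, [hashtable]$Expected = $Baseline)
    $props    = Get-ItemProperty -Path $Key
    $findings = @()
    foreach ($valueName in $Expected.Keys) {
        $entries = @($props.$valueName)   # force an array even for a single entry
        foreach ($entry in $entries) {
            if ([string]::IsNullOrEmpty($entry)) { continue }
            $reasons = Test-LsaPackageEntry -Entry $entry -Expected $Expected[$valueName]
            if ($reasons.Count -gt 0) {
                $findings += New-Object PSObject -Property @{
                    Value   = $valueName
                    Entry   = $entry
                    Reasons = ($reasons -join '; ')
                }
            }
        }
    }
    return $findings
}

function Remove-LsaPackageEntry {
    # Rebuild the REG_MULTI_SZ without the rogue entry: the scripted form of
    # the regedit step above. Run it only after confirming the finding, and
    # reboot afterwards, since LSASS reads these values at startup.
    param([string]$ValueName, [string]$Entry, [string]$Key = $LsaKey)
    $current = @((Get-ItemProperty -Path $Key).$ValueName)
    $cleaned = @($current | Where-Object { $_ -ne $Entry })
    Set-ItemProperty -Path $Key -Name $ValueName -Value $cleaned -Type MultiString
}

$findings = Get-LsaPackageFindings
if ($findings.Count -eq 0) {
    Write-Output 'LSA package lists match the baseline.'
} else {
    $findings | Format-Table Value, Entry, Reasons -AutoSize
    # The fix for the entry found in this thread, left commented so nothing is
    # written until you have checked the finding yourself:
    # Remove-LsaPackageEntry -ValueName 'Authentication Packages' -Entry 'C:\WINDOWS\system32\awvtt.dll'
}
```

Run the audit first and look at the Reasons column: an entry flagged only as "not in baseline" may be a legitimate third-party package (smart-card or VPN software adds its own), so check the module name before removing anything, while "contains a path" on the Authentication Packages value is the pattern the malware here used and should never appear on a clean system.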


Offline johnmci123
help needed
« Reply #6 on: November 02, 2007, 03:50:23 PM »
[quote name='guestolo' post='402350' date='Nov 2 2007, 08:00 PM'](Reply #5 above, quoted in full)[/quote]


Here you go again, thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:09, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 6006 bytes


Shall I do a virus scan, perhaps?

Offline guestolo
help needed
« Reply #7 on: November 02, 2007, 03:57:51 PM »
Quote
Shall I do a virus scan, perhaps?
Your log looks good
However, it's not a bad idea

I use AVG on one of my computers, BUT
I still like a second opinion once in a while

Why not try an online virus scan
First, disable the AVG realtime scanner
Double click the AVG icon by the clock
Right click Resident Shield
Select Properties>>UNCHECK "Turn on AVG Resident Shield Protection"
Apply it and close AVG
Close the prompts from Windows Security Center

Using the Internet Explorer browser
Run an online virus scan at Kaspersky's
At the link click the button Kaspersky Online Scanner
Accept the prompt at the Welcome screen
You will be prompted to install an ActiveX component from Kaspersky, click Yes.

  • The program will launch and then begin downloading the latest definition files
  • Once the files have been downloaded click on NEXT
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system
  • The scan will take a while, so be patient and let it run
  • Once the scan is complete it will display whether your system has been infected
  • Now click on the Save as Text button
  • Save the file to your desktop


Post back that report please

Reactivate AVG realtime protection also



Offline johnmci123
help needed
« Reply #8 on: November 02, 2007, 04:11:30 PM »
[quote name='guestolo' post='402368' date='Nov 2 2007, 08:57 PM'](Reply #7 above, quoted in full)[/quote]

I have a dual boot on my other system, one with Norton on one drive and AVG on the other. This system I'm on has not got a second drive, but when I set up a dual boot I find that running one on each is much more efficient. I'll do that, but I have to head to work, so I will have to get back to you. Thanks for the help so far, it's been very informative for me.

Offline johnmci123
help needed
« Reply #9 on: November 02, 2007, 09:09:57 PM »
[quote name='johnmci123' post='402372' date='Nov 2 2007, 09:11 PM'](Reply #8 above, quoted in full)[/quote]

I ran an AVG scan on the full system before doing the Kaspersky online scan. While doing the scan on my computer, AVG started showing most of the viruses that I have been presented with so far at once, all of which were in "C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD38276C4E}\RP75\A00#####.dll" (the hashes indicate random numbers which differ on each).


log from kaspersky to follow

Offline johnmci123
help needed
« Reply #10 on: November 02, 2007, 09:13:10 PM »
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Saturday, November 03, 2007 2:11:27 AM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  3/11/2007
 Kaspersky Anti-Virus database records: 450652
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 40439
   Number of viruses found: 3
   Number of infected objects: 13
   Number of suspicious objects: 0
   Duration of the scan process: 00:17:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010001.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010002.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010003.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010004.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010005.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010006.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010007.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010008.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010009.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles001000F.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010013.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010017.ci   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010017.wid   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010017.wsb   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy5.gthr   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3.tmp   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf4.tmp   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_844.dat   Object is locked   skipped
C:\Documents and Settings\john\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Messenger\bighairymoomooEmail Removed\SharingMetadata\Logs\Dfsr00005.log   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Messenger\bighairymoomooEmail Removed\SharingMetadata\pending.dat   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Messenger\bighairymoomooEmail Removed\SharingMetadata\Working\database_5630_4FB6_304F_9BBD\dfsr.db   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Messenger\bighairymoomooEmail Removed\SharingMetadata\Working\database_5630_4FB6_304F_9BBD\fsr.log   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Messenger\bighairymoomooEmail Removed\SharingMetadata\Working\database_5630_4FB6_304F_9BBD\fsrtmp.log   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Messenger\bighairymoomooEmail Removed\SharingMetadata\Working\database_5630_4FB6_304F_9BBD\tmp.edb   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows Live Contacts\bighairymoomooEmail Removed\real\members.stg   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows Live Contacts\bighairymoomooEmail Removed\shadow\members.stg   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\History\History.IE5\MSHist012007110320071104\index.dat   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temp\~DF5D24.tmp   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temp\~DF5E3B.tmp   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temp\~DFCABB.tmp   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temp\~DFCCC1.tmp   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temp\~DFE98D.tmp   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temp\~DFE99B.tmp   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\john\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\john\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pmnooom.dll.vir   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqqrrr.dll.vir   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vtuvwxw.dll.vir   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\qoobox\Quarantine\catchme2007-11-02_184632.09.zip/vtuvwxw.dll   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\qoobox\Quarantine\catchme2007-11-02_184632.09.zip/vtuvwxw.dll.1   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\qoobox\Quarantine\catchme2007-11-02_184632.09.zip   ZIP: infected - 2   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP45\A0010386.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP45\A0010387.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP45\A0010388.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP45\A0010389.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010421.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010422.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010423.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010424.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010425.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010426.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010427.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010428.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010429.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010430.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010431.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010432.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP46\A0010433.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP48\A0011995.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP48\A0012025.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP48\A0012026.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP53\A0015291.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP53\A0015292.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP53\A0015293.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP53\A0015294.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP53\A0015295.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP53\A0015296.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017342.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017343.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017389.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017390.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017391.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017392.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017393.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017394.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017395.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017407.DLL   Infected: not-a-virus:AdWare.Win32.FunWeb.e   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017467.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017468.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP55\A0017469.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP56\A0019515.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP56\A0019516.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP56\A0019517.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP56\A0019518.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP56\A0019519.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP56\A0019520.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP56\A0020542.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP64\A0026729.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP64\A0026730.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP64\A0026731.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP64\A0026732.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP64\A0026733.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP64\A0026734.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP64\A0027749.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031951.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031952.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031953.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031954.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031955.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031956.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031957.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031958.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031961.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031962.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031963.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031964.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031965.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031967.dll   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031968.dll   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031969.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031970.dll   Object is locked   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP75\A0031974.dll   Infected: Trojan-PSW.Win32.OnLineGames.bmm   skipped
C:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP76\change.log   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\default   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\system   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
D:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP50\A0013081.exe/stream/Script   Infected: Trojan-Dropper.Win32.Agent.btr   skipped
D:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP50\A0013081.exe/stream   Infected: Trojan-Dropper.Win32.Agent.btr   skipped
D:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP50\A0013081.exe   NSIS: infected - 2   skipped
D:\System Volume Information\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\RP76\change.log   Object is locked   skipped

Scan process completed.

Note: during this scan, multiple viruses were moved to the vault by AVG.

Offline guestolo

help needed
« Reply #11 on: November 02, 2007, 09:22:53 PM »
Everything looks good
Concerning entries in this folder
C:\qoobox
That was created by ComboFix, which moved bad files to its directory

Let's remove that right now
Go to START>>RUN>>Copy and paste the next command to the open field

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files

Quote
I ran an AVG scan on the full system before doing the Kaspersky online scan. While doing the scan on my computer, AVG started showing most of the viruses that I have been presented with at once so far, all of which were in "c:/system volume information/_restore{CDFAD6EB-F95D-42BE-B02C-DABD38276C4E}\RP75\A00#####.dll"; the hashes indicate random numbers which differ on each.

Let's deal with that right now also
These are files in your system restore folders
Harmless, unless you restore to an infected point
Please do the following
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
Windows will prompt when it has been successfully created
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

The rest looks good
You can empty AVG Virus vault if there is no need to restore any entries
Hope that helps :)

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
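The distinction guestolo draws above (detections inside ComboFix's C:\qoobox quarantine and inside System Restore points are stored copies, not running malware, and only a hit on the live file system needs immediate action) is easy to get wrong when a scan report runs to hundreds of lines. The script below is an added example, not code from the thread or from Kaspersky, ComboFix or AVG: it parses report lines in the path / status / action layout shown above, tags each one by where it lives, and lists which restore points hold infected copies, so you can see why clearing old restore points is the right fix. The sample lines are constructed to mirror the log in this thread; the `constructed-live-hit.dll` entry is invented purely to show what a live detection would look like in the summary.

```python
"""Triage an online-scanner report: separate quarantine and restore-point
copies from detections on the live file system.

Added example; the report format is modelled on the Kaspersky Online
Scanner output posted in this thread (path, status, action per line).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample report, modelled on the log above. Fields are tab-separated
# here; the parser also accepts runs of three or more spaces as the separator.
SAMPLE_REPORT = (
    "C:\\WINDOWS\\system32\\config\\SAM\tObject is locked\tskipped\n"
    "C:\\qoobox\\Quarantine\\C\\WINDOWS\\system32\\pmnooom.dll.vir\t"
    "Infected: Trojan-PSW.Win32.OnLineGames.bmm\tskipped\n"
    "C:\\qoobox\\Quarantine\\catchme2007-11-02_184632.09.zip\tZIP: infected - 2\tskipped\n"
    "C:\\System Volume Information\\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\\RP75\\A0031967.dll\t"
    "Infected: Trojan-PSW.Win32.OnLineGames.bmm\tskipped\n"
    "C:\\System Volume Information\\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\\RP55\\A0017407.DLL\t"
    "Infected: not-a-virus:AdWare.Win32.FunWeb.e\tskipped\n"
    "D:\\System Volume Information\\_restore{CDFAD6EB-F95D-42BE-B02C-DABD3827C64E}\\RP50\\A0013081.exe/stream/Script\t"
    "Infected: Trojan-Dropper.Win32.Agent.btr\tskipped\n"
    # Invented entry (not from the thread) so the summary shows a live hit.
    "C:\\WINDOWS\\system32\\constructed-live-hit.dll\tInfected: Trojan-PSW.Win32.OnLineGames.bmm\tskipped\n"
    "\nScan process completed.\n"
)


@dataclass
class Detection:
    path: str
    status: str
    action: str
    location: str       # "quarantine", "restore_point" or "live"
    verdict: str        # "infected", "locked" or "other"
    threat: str         # detection name, or "" when not infected
    restore_point: str  # "RPnn" when the file sits in a restore point, else ""


# Matches the restore-point folder inside "System Volume Information\_restore{GUID}\RPnn\".
_RP_RE = re.compile(r"\\_restore\{[^}]*\}\\(RP\d+)\\", re.IGNORECASE)


def classify_path(path: str) -> tuple[str, str]:
    """Return (location, restore_point) for a reported path."""
    if "\\qoobox\\" in path.lower():          # ComboFix quarantine folder
        return "quarantine", ""
    m = _RP_RE.search(path)
    if m:                                     # System Restore snapshot copy
        return "restore_point", m.group(1).upper()
    return "live", ""


def parse_status(status: str) -> tuple[str, str]:
    """Return (verdict, threat) from the scanner's status column."""
    m = re.match(r"Infected:\s*(.+)", status)
    if m:
        return "infected", m.group(1).strip()
    m = re.match(r"(\w+): infected - (\d+)", status)   # archive/installer container summary
    if m:
        return "infected", f"{m.group(1)} container with {m.group(2)} infected member(s)"
    if status.startswith("Object is locked"):
        return "locked", ""
    return "other", ""


def parse_report(text: str) -> list[Detection]:
    """Parse every path/status/action line; skip blanks and the trailer."""
    found: list[Detection] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("Scan process"):
            continue
        fields = re.split(r"\t|\s{3,}", line)
        if len(fields) < 3:
            continue
        path, status, action = fields[0], fields[1], fields[2]
        location, rp = classify_path(path)
        verdict, threat = parse_status(status)
        found.append(Detection(path, status, action, location, verdict, threat, rp))
    return found


def triage(text: str) -> dict:
    """Summarise what actually needs attention versus stored copies."""
    dets = parse_report(text)
    infected = [d for d in dets if d.verdict == "infected"]
    return {
        "live": [d.path for d in infected if d.location == "live"],
        "quarantine": sum(1 for d in infected if d.location == "quarantine"),
        "restore_points": sorted({d.restore_point for d in infected if d.location == "restore_point"}),
        "locked": sum(1 for d in dets if d.verdict == "locked"),
        "threats": sorted({d.threat for d in infected}),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("Live detections (act on these):", summary["live"] or "none")
    print("Quarantined copies (ComboFix /u removes them):", summary["quarantine"])
    print("Restore points holding infected copies (do not restore to these):",
          ", ".join(summary["restore_points"]) or "none")
    print("Locked system files skipped (normal):", summary["locked"])
```

Run it on a saved report with `triage(open("report.txt").read())`; the "locked" count covers registry hives, event logs and index files that every scanner skips on a running system, and is not a finding on its own.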


Offline johnmci123

help needed
« Reply #12 on: November 03, 2007, 08:13:34 AM »
Everything is running well. Done another AVG scan, also restore and cleanup as requested.
Thank you for all your help, you are a credit to your profession.

When I first got a PC, before I started my studies, I tried a forum like this one for help with issues I had, and I found them to not respond well and in most cases not at all. This has been the best that I have found and I will be ensuring to tell others of the great service provided to me. I also found some of the steps very informative and great exercise for the mind and help to hone my PC skills further. The help received has saved me from having to do a clean install and lots of software re-installs, not to mention saved me from starting WOW from scratch, and that particular install takes forever due to patches, lol.

I plan to donate come payday at the end of the month, and hopefully not need your services for a while, but who knows!

Offline guestolo

help needed
« Reply #13 on: November 03, 2007, 09:11:21 AM »
Glad to help
As your problems appear resolved, I'll lock this topic
Take care johnmci123 :)
