Here are all fresh reports including Kaspersky:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:40 PM, on 2/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12177 bytes
ComboFix 08-02-22.3 - Robin 2008-02-23 14:41:29.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1653 [GMT -5:00]
Running from: C:\Users\Robin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-22 19:55 . 2007-09-17 14:31 1,126,072 --a------ C:\Windows\System32\drivers\vsapint.sys
2008-02-22 19:55 . 2006-08-29 15:55 279,880 --a------ C:\Windows\System32\drivers\TM_CFW.sys
2008-02-22 19:55 . 2007-09-17 14:40 202,768 --a------ C:\Windows\System32\drivers\tmxpflt.sys
2008-02-22 19:55 . 2006-08-29 15:55 73,160 --a------ C:\Windows\System32\drivers\tmtdi.sys
2008-02-22 19:55 . 2007-09-17 14:40 35,856 --a------ C:\Windows\System32\drivers\tmpreflt.sys
2008-02-22 19:54 . 2008-02-22 19:56 <DIR> d-------- C:\Users\All Users\Trend Micro
2008-02-22 19:54 . 2008-02-22 19:56 <DIR> d-------- C:\PROGRA~2\Trend Micro
2008-02-21 19:16 . 2008-02-21 19:16 <DIR> d-------- C:\Users\Robin\AppData\Roaming\McAfee
2008-02-18 12:48 . 2008-02-18 12:48 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-17 20:09 . 2008-02-17 20:09 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-02-17 20:09 . 2008-02-17 20:09 <DIR> d-------- C:\PROGRA~2\CheckPoint
2008-02-17 20:09 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-02-17 20:07 . 2008-02-18 09:12 <DIR> d-------- C:\Windows\Internet Logs
2008-02-17 19:15 . 2008-02-17 19:15 <DIR> d-------- C:\Users\Robin\AppData\Roaming\TrojanHunter
2008-02-17 17:39 . 2008-02-18 09:09 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-02-15 16:07 . 2008-01-10 00:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-15 15:25 . 2008-02-17 13:42 318,537,759 --a------ C:\Windows\MEMORY.DMP
2008-02-14 19:15 . 2008-02-14 19:15 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 19:15 . 2008-02-14 19:15 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 19:10 . 2008-02-14 19:10 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 19:10 . 2008-02-14 19:10 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 19:10 . 2008-02-14 19:10 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 19:10 . 2008-02-14 19:10 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-14 19:10 . 2008-02-14 19:10 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-14 19:10 . 2008-02-14 19:10 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-14 19:10 . 2008-02-14 19:10 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-14 19:09 . 2008-02-14 19:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 19:09 . 2008-02-14 19:09 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 19:09 . 2008-02-14 19:09 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 19:09 . 2008-02-14 19:09 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 19:09 . 2008-02-14 19:09 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 19:09 . 2008-02-14 19:09 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 19:09 . 2008-02-14 19:09 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-07 17:08 . 2008-02-15 13:07 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-07 17:08 . 2008-02-15 13:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-07 17:08 . 2008-02-15 13:07 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-02-06 20:09 . 2008-02-17 18:46 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-06 20:09 . 2008-02-17 18:46 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-02-06 20:08 . 2008-02-06 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Users\Robin\AppData\Roaming\InstallShield
2008-02-05 21:16 . 2008-02-05 21:16 <DIR> d-------- C:\Program Files\Wal-Mart Music Downloads Store
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 00:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-23 00:00 --------- d-----w C:\PROGRA~2\SiteAdvisor
2008-02-22 22:54 61,224 ----a-w C:\Users\Robin\GoToAssistDownloadHelper.exe
2008-02-22 04:20 --------- d-----w C:\Users\Robin\AppData\Roaming\SiteAdvisor
2008-02-22 00:16 --------- d-----w C:\PROGRA~2\McAfee
2008-02-21 23:11 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-02-15 00:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 00:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 00:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 00:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 00:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 00:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 00:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 00:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-31 01:57 --------- d-----w C:\PROGRA~2\WLInstaller
2008-01-22 00:06 --------- d-----w C:\PROGRA~2\CyberLink
2008-01-20 02:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-20 02:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-19 11:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-19 11:54 --------- d-----w C:\Program Files\Windows Mail
2008-01-19 11:47 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-18 23:36 --------- d-----w C:\PROGRA~2\Ulead Systems
2008-01-15 23:39 --------- d-----w C:\Users\Robin\AppData\Roaming\AOL
2008-01-12 23:20 --------- d-----w C:\Program Files\Total 3D
2008-01-09 08:32 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-08 00:10 --------- d-----w C:\Users\Robin\AppData\Roaming\Simple Star
2008-01-06 13:47 --------- d-----w C:\Program Files\Dell Support Center
2008-01-06 13:47 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-06 11:39 --------- d-----w C:\Program Files\Apple Software Update
2008-01-06 11:39 --------- d-----w C:\PROGRA~2\Apple
2008-01-05 02:35 --------- d---a-w C:\PROGRA~2\TEMP
2008-01-04 01:33 --------- d-----w C:\PROGRA~2\Media Center Programs
2008-01-04 01:32 --------- d-----w C:\Program Files\MSN Games
2008-01-03 02:23 --------- d-----w C:\Program Files\PopCap Games
2008-01-03 02:23 --------- d-----w C:\PROGRA~2\PopCap Games
2008-01-03 02:12 --------- d-----w C:\Users\Robin\AppData\Roaming\123 Free Solitaire
2008-01-03 02:11 --------- d-----w C:\Program Files\123 Free Solitaire
2008-01-01 22:09 --------- d-----w C:\Users\Robin\AppData\Roaming\Roxio
2008-01-01 21:53 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 21:53 --------- d-----w C:\PROGRA~2\AOL
2008-01-01 12:29 --------- d-----w C:\Users\Robin\AppData\Roaming\Windows Live Writer
2007-12-25 21:33 --------- d-----w C:\PROGRA~2\Corel
2007-12-25 04:08 --------- d-----w C:\Users\Robin\AppData\Roaming\Apple Computer
2007-12-23 00:29 --------- d-----w C:\PROGRA~2\Citrix
2007-12-23 00:28 --------- d-----w C:\Program Files\Citrix
2007-12-23 00:08 --------- d-----w C:\Users\Robin\AppData\Roaming\GrassGames
2007-12-23 00:08 --------- d-----w C:\Program Files\Free Solitaire 3D
2007-12-18 01:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-18 01:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-18 01:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-18 01:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-18 01:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-18 01:46 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-12-18 01:46 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-18 01:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-18 01:46 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-18 01:46 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-18 01:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-18 01:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-18 01:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-18 01:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-18 01:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-18 01:44 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-18 01:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-18 01:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-18 01:44 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-18 01:41 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-12-17 23:12 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-12-17 23:12 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-12-17 23:12 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-12-17 23:12 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-12-17 23:12 33,624 ----a-w C:\Windows\System32\wups.dll
2007-12-17 23:12 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-12-17 23:12 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-12-17 23:11 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-12-17 23:11 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-12-08 19:47 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-08 19:47 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-08 19:47 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-08 19:47 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-08 19:47 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-08 19:47 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-08 19:47 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-12-08 19:47 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-08 19:47 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-08 19:47 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-08 19:46 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-08 19:46 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-12-08 19:46 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-08 19:46 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-08 19:46 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-08 19:45 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-08 19:45 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-08 19:45 475,136 ----a-w C:\Windows\System32\evr.dll
2007-12-08 19:45 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-08 19:45 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-08 19:45 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-08 19:45 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-08 19:43 72,192 ----a-w C:\Windows\System32\dot3msm.dll
2007-12-08 19:43 45,568 ----a-w C:\Windows\System32\dot3dlg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Simple Star PhotoShow Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-02-28 23:44 308728]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 06:47 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 14:38 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 01:03 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 19:35 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-27 23:54 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-26 05:47 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-26 05:47 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-26 05:47 129560]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 14:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-08 07:29 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 12:00 531272]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 16:03 36640]
"HostManager"="C:\Program Files\Common Files\AOL\1199224386\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"EarthLink Installer"=" /C" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-08 07:07:41 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]
C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-27 23:54]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-26 05:47]
R3 NWADI;NWADI Bus Enumerator;C:\Windows\system32\DRIVERS\NWADIenum.sys [2007-08-16 15:24]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys [2007-08-16 15:24]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service []
S3 NWUSBCDFIL;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil.sys [2007-08-16 15:24]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2007-08-16 15:24]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37addde4-e0df-11dc-be30-001d09a80e66}]
\shell\AutoRun\command - G:\Autorun.exe /run
\shell\Shell00\Command - G:\Autorun.exe /run
\shell\Shell01\Command - G:\Autorun.exe /action
\shell\Shell02\Command - G:\Autorun.exe /uninstall
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 14:43:40
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Windows\system32\DLAAPI_W.DLL
.
Completion time: 2008-02-23 14:44:30
ComboFix2.txt 2008-02-22 17:41:42
ComboFix3.txt 2008-02-22 17:14:43
.
2008-02-21 23:12:13 --- E O F ---
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 23, 2008 5:11:59 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/02/2008
Kaspersky Anti-Virus database records: 577001
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 153306
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:59:07
Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A81000000003}\Enterprise.mnt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7b2e4e99486d2830d1b86b9c2983e933_53af283c-a810-40f3-ba1c-33642515ba65 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c011af52d3f9542c296099d8a0a0bbe4_53af283c-a810-40f3-ba1c-33642515ba65 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee0c8a0b984d3fa3a17ad6b0839183ed_53af283c-a810-40f3-ba1c-33642515ba65 Object is locked skipped
C:\ProgramData\Microsoft\eHome\mediacenterdatastore.db Object is locked skipped
C:\ProgramData\Microsoft\eHome\SharedGuideBlocks_c02d096cdcc938637e851f40604a417d6129e0e6_0.mem Object is locked skipped
C:\ProgramData\Microsoft\eHome\SharedGuideHeader_c02d096cdcc938637e851f40604a417d6129e0e6.mem Object is locked skipped
C:\ProgramData\Microsoft\eHome\SharedGuideUpdates_c02d096cdcc938637e851f40604a417d6129e0e6.mem Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\ProgramData\Trend Micro\PC-cillin\log\pcc_S-1-5-21-2211159594-3256084435-2579178106-1000.log Object is locked skipped
C:\ProgramData\Trend Micro\PC-cillin\log\TmPfw_S-1-5-21-2211159594-3256084435-2579178106-1000.log Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbc2e.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbdam Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbdao Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbeam Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbeao Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbm Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbu2d.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbvm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\dbvmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\fii.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\fiih.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\hp Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\hpt2i.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpm1m.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpm1mh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\rpmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Users\Robin\AppData\Local\Google\Google Desktop\3501c92b2757\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008022320080224\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Robin\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat{d3853c2a-aa91-11dc-a42b-001d09a80e66}.TM.blf Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat{d3853c2a-aa91-11dc-a42b-001d09a80e66}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat{d3853c2a-aa91-11dc-a42b-001d09a80e66}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows Defender\FileTracker\{B184FC54-6F9E-4188-9006-2C64C8EEA92F} Object is locked skipped
C:\Users\Robin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Robin\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\Low\~DF482A.tmp Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\~DF2120.tmp Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\~DFE5.tmp Object is locked skipped
C:\Users\Robin\AppData\Local\Temp\~DFF6.tmp Object is locked skipped
C:\Users\Robin\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Users\Robin\AppData\Roaming\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Users\Robin\AppData\Local Settings\Roaming\SupportSoft\dellsupportcenter\Robin\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Robin\ntuser.dat Object is locked skipped
C:\Users\Robin\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Robin\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Robin\ntuser.dat{0a6f98bb-c61c-11dc-9887-001d09a80e66}.TM.blf Object is locked skipped
C:\Users\Robin\ntuser.dat{0a6f98bb-c61c-11dc-9887-001d09a80e66}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Robin\ntuser.dat{0a6f98bb-c61c-11dc-9887-001d09a80e66}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\setupact.log Object is locked skipped
C:\Windows\Panther\setuperr.log Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{0a6f98a3-c61c-11dc-9887-001d09a80e66}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Broadcom Wireless LAN.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped
Scan process completed.
Also, my PC-cillin detected Freeloader_Smitfraud and Cookie_go.