Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Constant Hard Drive Activity

Post by Timmy » December 29th, 2007, 1:15 pm

Hi,

My hard drive has been going haywire the last day or two. If someone could please take a look at my log, that would be appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:14:00 AM, on 12/29/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Vanguard\Downloads\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.41.135.218:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\ddaba.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7893 bytes
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm

Re: Constant Hard Drive Activity

Post by Katana » January 3rd, 2008, 9:01 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Did you set this proxy server? ProxyServer = 192.41.135.218:3128


Disable Windows Defender
Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Close Windows Defender

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\ddaba.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

- Close ALL open windows (especially Internet Explorer!) -
Now click Fix checked
Click yes to any prompts
Close HijackThis

OTMoveIt
Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please Right-click OTMoveIt.exe and run as Administrator
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
    C:\Windows\WWWInsHost.exe
    C:\Users\Vanguard\AppData\Local\Temp\ddaba.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
  • Copy and paste the contents of the results box as a reply to this topic
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
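
An added illustration, not part of the original thread and not the helper's own method: a small Python triage of HijackThis log lines using path heuristics that match most of the entries selected for fixing above, plus the proxy setting the helper asked about. The rule set and the names `triage` and `Finding` are assumptions made for this example; the sample lines are copied from the first log in this thread.

```python
import re
from dataclasses import dataclass

# Excerpt of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.41.135.218:3128
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\ddaba.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Per-user and system temp directories (assumed rule set for this example).
TEMP_DIR_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I
)
# rundll32 invoked with an absolute DLL path; the path ends at the first comma.
RUNDLL_ABS_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[A-Za-z]:\\[^,"]+)', re.I
)
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32|syswow64)\\", re.I)
PROXY_RE = re.compile(r",ProxyServer = (?P<proxy>\S+)")
# Sections that describe programs started automatically at logon or boot.
AUTOSTART_SECTIONS = {"F0", "F1", "F2", "F3", "O4"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def triage(log_text):
    """Return the log entries that deserve a closer look, with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m["section"], m["body"]
        reasons = []

        if section in AUTOSTART_SECTIONS and TEMP_DIR_RE.search(body):
            reasons.append("autostart target in a temp directory")

        dll = RUNDLL_ABS_RE.search(body)
        if section == "O4" and dll and not SYSTEM_DIR_RE.match(dll["dll"]):
            reasons.append("rundll32 loads a DLL from outside the system directory")

        if body.endswith("(file missing)"):
            reasons.append("orphaned entry: target file missing")

        if section in {"R0", "R1"} and PROXY_RE.search(body):
            reasons.append("proxy configured: confirm with the user")

        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
```

The `[DSS] C:\Windows\WWWInsHost.exe` entry, which the helper also selected, matches none of these path rules. Heuristics like these only narrow down what to review; they do not replace an analyst reading the whole log.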

Re: Constant Hard Drive Activity

Post by Timmy » January 4th, 2008, 12:51 am

Deckard's System Scanner v20071014.68
Run by Vanguard on 2008-01-03 20:41:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2007-12-29 09:40:32 UTC - RP82 - Installed Ad-Aware 2007
4: 2007-12-19 05:41:42 UTC - RP81 - Scheduled Checkpoint
3: 2007-12-17 02:10:06 UTC - RP80 - Scheduled Checkpoint
2: 2007-12-16 08:16:23 UTC - RP79 - Scheduled Checkpoint
1: 2007-12-08 22:08:11 UTC - RP78 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 446 MiB (1024 MiB recommended).


-- HijackThis (run as Vanguard.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:27 PM, on 1/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Windows\system32\rundll32.exe
C:\Users\Vanguard\Desktop\dss.exe
C:\Users\Vanguard\Desktop\Vanguard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.41.135.218:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\pmkhg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7366 bytes

-- HijackThis Fixed Entries (C:\Users\Vanguard\Desktop\backups\) ---------------

backup-20080103-203530-146 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\pmkhg.dll,#1
backup-20080103-203530-709 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
backup-20080103-203530-835 O4 - HKCU\..\Run: [DSS] C:\Windows\WWWInsHost.exe
backup-20080103-203530-886 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c
backup-20080103-203530-918 F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
backup-20080103-203531-670 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-15 01:00:00 366 --a------ C:\Windows\Tasks\McDefragTask.job
2007-05-30 17:55:46 368 --a------ C:\Windows\Tasks\McQcTask.job


-- Files created between 2007-12-03 and 2008-01-03 -----------------------------

2007-12-29 09:06:25 0 d-------- C:\Users\Vanguard\.housecall6.6
2007-12-29 09:03:27 0 d-------- C:\Windows\BDOSCAN8
2007-12-29 01:43:05 0 d-------- C:\Program Files\Lavasoft
2007-12-29 01:42:57 0 d-------- C:\Users\All Users\Lavasoft
2007-12-29 01:39:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 00:47:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-01-03 20:02:21 0 d-------- C:\Program Files\Azureus
2008-01-01 20:55:37 0 d-------- C:\Users\Vanguard\AppData\Roaming\Azureus
2007-12-29 17:27:59 0 d-------- C:\Users\Vanguard\AppData\Roaming\SopCast
2007-12-29 01:39:39 0 d-------- C:\Program Files\Common Files
2007-12-27 23:07:16 0 d-------- C:\Users\Vanguard\AppData\Roaming\SampleView
2007-12-26 23:23:41 0 d-------- C:\Program Files\McAfee
2007-11-13 20:12:11 0 d-------- C:\Users\Vanguard\AppData\Roaming\Move Networks
2007-11-07 23:09:27 0 d-------- C:\Program Files\Gateway Games
2007-10-25 10:26:48 53248 --a------ C:\Windows\bdoscandel.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/23/2007 12:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 01:58 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 02:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [11/29/2006 11:22 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 01:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 04:34 AM]
"MSServer"="C:\Users\Vanguard\AppData\Local\Temp\pmkhg.dll,#1" []
"cmds"="C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe /atstartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
C:\Program Files\McAfee\MSK\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {4DE0B33E-019A-CDBA-C2D1-C66F8598EF15} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-03 20:47:28 ------------
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm

Re: Constant Hard Drive Activity

Post by Timmy » January 4th, 2008, 12:52 am

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 445.5 MiB / 113.27 MiB
Pagefile Memory (total/avail): 1442.18 MiB / 777.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.69 MiB

C: is Fixed (NTFS) - 65.26 GiB total, 37.8 GiB free.
D: is Fixed (NTFS) - 9.27 GiB total, 3.62 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS421280H9AT00 ATA Device - 74.53 GiB - 2 partitions
\PARTITION0 - Installable File System - 9.27 GiB - D:
\PARTITION1 (bootable) - Installable File System - 65.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee) Disabled
AV: McAfee VirusScan v (McAfee) Outdated
AS: McAfee VirusScan v (McAfee)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Vanguard\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MICHELANGELO
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Vanguard
LOCALAPPDATA=C:\Users\Vanguard\AppData\Local
LOGONSERVER=\\MICHELANGELO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Vanguard\AppData\Local\Temp
TMP=C:\Users\Vanguard\AppData\Local\Temp
USERDOMAIN=MICHELANGELO
USERNAME=Vanguard
USERPROFILE=C:\Users\Vanguard
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Vanguard


-- Add/Remove Programs ---------------------------------------------------------

Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Agere Systems HDA Modem --> agrsmdel
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Browser Address Error Redirector --> regsvr32 /u /s "c:\google\BAE.dll"
Citrix ICA Web Client --> C:\Windows\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Gateway Connect --> MsiExec.exe /I{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}
Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
HijackThis 2.0.2 --> "C:\Users\Vanguard\Desktop\HijackThis.exe" /uninstall
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Move Networks Media Player for Internet Explorer --> C:\Users\Vanguard\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
PE Builder 3.1.10a --> "c:\pebuilder3110a\unins000.exe"
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8838 / Error
Event Submitted/Written: 01/03/2008 07:44:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mcproxy.exe, version 1.2.137.0, time stamp 0x45b1768e, faulting module mcadaptr.dll, version 8.2.135.0, time stamp 0x45faceb8, exception code 0x40000015, fault offset 0x0000259f,
process id 0x3e8, application start time 0xmcproxy.exe0.

Event Record #/Type8814 / Success
Event Submitted/Written: 01/03/2008 07:33:11 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type8810 / Success
Event Submitted/Written: 01/03/2008 07:33:04 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type8807 / Success
Event Submitted/Written: 01/03/2008 07:32:44 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type8580 / Success
Event Submitted/Written: 01/02/2008 09:32:50 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38907 / Error
Event Submitted/Written: 01/03/2008 08:29:10 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.100, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Event Record #/Type38906 / Warning
Event Submitted/Written: 01/03/2008 08:29:10 PM
Event ID/Source: 1237 / ipnathlp
Event Description:
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Event Record #/Type38891 / Warning
Event Submitted/Written: 01/03/2008 08:13:15 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00C0A8EC7CCF. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type38875 / Warning
Event Submitted/Written: 01/03/2008 08:00:27 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00C0A8EC7CCF. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type38865 / Warning
Event Submitted/Written: 01/03/2008 07:51:37 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00C0A8EC7CCF. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-01-03 20:47:28 ------------
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm

Re: Constant Hard Drive Activity

Post by Timmy » January 4th, 2008, 12:53 am

OTMoveIt log:

C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe moved successfully.
File/Folder C:\Windows\WWWInsHost.exe not found.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\ddaba.dll not found.

Created on 01/03/2008 20:38:09
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm

Re: Constant Hard Drive Activity

Post by Katana » January 4th, 2008, 9:54 am

Your AntiVirus appears to be out of date, please can you confirm its status.

The Beta version of HJT is now out of date. Please download the latest version.

Download HJT

Click here to download HJTinstall.exe
  • Save HJTinstall.exe to your desktop.
  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click I accept
  • Click on the Do A System Scan Only button.
    When it has finished scanning put a check next to the following lines
    F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe

    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\pmkhg.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c

    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis




Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Kaspersky Log
  • A fresh HJT log
  • How are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Constant Hard Drive Activity

Post by Timmy » January 5th, 2008, 10:14 pm

I disabled McAfee because I thought it was the cause of my hard drive activity. Logs are attached. It doesn't look like HijackThis was able to remove the virus. My computer's hard drive is still on all the time (maybe a wee bit more intermittent than before).


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 05, 2008 6:06:28 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/01/2008
Kaspersky Anti-Virus database records: 503020
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 97132
Number of viruses found: 8
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 02:42:24

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp000251c0 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp0002baab Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp0002dc0e Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00030aee Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00030b8a Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00032e06 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp0003375d Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00033e52 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00036b7d Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00037262 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00037cd2 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp000380f9 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00056aa8 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp000ba794 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp000de82e Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\tmp00124fae Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Users\Vanguard\AppData\Local\Temp\urqpnmj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071217-220559-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071217-220617-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-200455-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071218-200512-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071219-201134-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071219-201159-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071220-201504-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071220-201525-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071221-200026-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071221-200137-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-174915-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071222-175216-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-091221-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-091237-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-165310-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071223-165326-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-141355-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-141408-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-233244-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071224-233300-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-092549-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-092609-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-211141-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071225-211155-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071226-203040-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071226-203144-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071226-233834-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071226-233948-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-210622-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071227-210755-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071228-210111-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071228-210224-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-004633-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-004740-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-014707-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-014844-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-091004-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-091123-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-234607-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071229-234710-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071230-084204-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071230-084308-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071230-162637-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071230-162745-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071231-205818-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20071231-205958-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-101435-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-101521-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-175325-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080101-175458-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-214742-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080102-214853-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080103-194753-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080103-194904-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_A9tVMjL26APqIfR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_cgzwaz9Pay4Fgr2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_e9fObXtIGH1eqh9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_Gby9gfKZzpBO0Jv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_HhRasriGHZwc50d Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_l4n8PRIDRBAJXaG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_Mrt8DKhyeXaV4Cp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_r2J35tdtnTBu1WH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_RXt3UHwLzkwfegc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_uKbJ1wszpxEhFpG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_XTBJdaVPvfNQrjg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_598yqOBr7ggnX11 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_77fUgZZlVQX0b7X Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Ex4RaXKr5JkAI8x Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_FWzLOEYvcLHnLim Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_gJ8bipkChdjudXk Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_jRNM2eEdqxQAAqS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_LthUSeXSLzOzJUQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_MrYAmmcSVEPccUw Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_obfxeuz1p29sNod Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_qI2iSnpJRICE2xM Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_rvfrv5MC3MhnLqZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_sULR8y7F3ka3pbu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_Ui8ngYzx3ZWAjsd Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ynsbJIJzlJJwE0v Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpCmdRun.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpSigStub.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_05vOjhslQPDEeK4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0k3hcVKtnRKwrAi Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0OVWfwn6xrChXu9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_0ySqGLQEf0fXhpk Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1JAVy881z5rtOOQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1OdCjgZOCyX9Kgm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1OwXmVtvxp1cgw2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1Rav15BPxQ3AKVY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_1VkyBIa28ADSFh2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_2o64WsAaPR2Hz0W Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3Ccnq6N8sJClG4K Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3FDYhrfc28bYb50 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3FOWd6RboPTFlIl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3fxmsfaidtRWGd8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3WzUUWpayYWnugG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3xDnGESEZVMldPz Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_3yNcQgl0lhVR1Tv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_47sw7LLhlXWbGyp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4dkvxGQNbrschYj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4nf6Xila2FHIg1Z Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4o72rWaYqBIpg4U Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4s58UfjnoO9qbWF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_4y49mgBsnwWodQ4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_5O84jI6uMUpa1Kn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_658bwyeFlx6XoRr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6ahaydVUda5qfZP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6aoH8bVZtEtReew Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6cEdEoMgpqxMI4E Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6hP1FQeZAcCb4sO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_6mQdPeKTTstJjaX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_73KFDRaqZl08nkb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_75cVWdW9n8QrrZw Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7gntjoDuoOKuxBp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7OwzapFfgh9F9wC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_7p7mcuI6E71QGFv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8C8MdD5NNsSiKqK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8eh468oVrtVe9Kj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8hScFzqXhndbmLS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_8koM89gG1ALF0mp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9enxxT9Iz3UJOPh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9O1Q7eB03KGdlWr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9SPUjYS8LVs2Gsb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_9xIcKBMOVHcfpki Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_A2IIDIuc9teecwu Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AfL3B3imT177bA5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AiBfLkIwVJNXgB1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AJL9ZaxWCdhymnQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ALG21sJiqwteWcN Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AojZgKQmsulOHQB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_apWgd4b0vEd1cTK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_aQYVh3KBVdzFOQJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ATwyx4IMiGqiXa5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AUH0jpq5SzoRyc1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_aUNCLZYKq6Vq8dZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_aYex6b9FEL0db0R Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_AYRIEYadHg0c4W2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_B0M4JSAodHt72Wh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_B1YxhQJjzN6c8ku Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_B42Xr4fGwTzwaa2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_b4sZOXaQI1tq1JK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_b5J4TMCRt5TcKBI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_B6aJcjbMSJUo7ws Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bERUXqBjgQZfTSr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BFldBfn8Wzdxz6B Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bJ3jcsAVaeDbhrj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bLMLdQPsjhDWYiO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BNghzetUtR984xy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bNmFt7HiF30b02r Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bPaOmzlI2JWC285 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Bpkiay6ztGqdtpp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BShyHgofJyZjDdF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BuQPmncIJcSLY3I Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_BViUwaa9DrrwyBI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_bYZfrpe1JgB85gb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_C35DkqmaOT1ys5n Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_C3FRImPYjscOHO3 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_C7CVFiQ7BN26TEg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_C9iEPPn9KqstsQr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_C9oKt6XBfgSq4X1 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cbnS9ZclVGtBwPt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CbPoEobN5ESx3yD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CcpvaqA14c7aEM2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ciQcvMANk6oaVke Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Cl65PyoOFq5C7Fj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CmCdOybCeN8Se4M Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CrflcMBh6OUIAbh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cuhpnZV1cQq90OC Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cUSbOoY2lFGRY95 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cVPUixa1hJCt08z Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CVQSOfdZKYfj8wS Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CW7jXyukxfUkZE7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CWNjoxsY1E9Fmg7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_cxRZKVaKNtaE1zH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_CZEf5LF407ESx46 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_D2E4UTM0PYVRLhG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_d9mGu5MZghVYXiO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_depltJHMzebiEKY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DgMhAOhK0l6i8rP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DL1oCvCjyGKmie8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Doq5YzdyxP22wdo Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DX76y1zHbSFIKlq Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_DXxYCcbXHfrT2em Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_dY3HQR5hdD8Sznx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_e0futwOANMO5cuE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_E4S8OCgHnjhwm66 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_E5092d5dQqe88Vg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_E5e6mifuQTJNSlL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_E8PngH7pxcy5tC6 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eaqVQST0f1aMgGs Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EBxhIejUodSm1DF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EE3cPyJQyYWKZcl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eeluelixKYikHtb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eMeot8SEJ6nb7Qv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ENuKT3PxuVe35Pb Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eQICbJrQRHiIqQp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eqmv0oXR00AC7Cc Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EqvcBDd7jAHTTj7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_es2K0qXWKBdF0UZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_EuyLzgmSkzf4RSt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Ex0Q74HSnsxLYoP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_eX1781S4lzuCs6W Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ExFYoOFwAHuch8H Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_fCDHOisWhLOVNE7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FDDZptwfsEJg6bp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ffgPP9cpl4z0XpL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FGJTWSZq2ok7Itt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FRacocgnafZcQa4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FtEYGBefDevdtX2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FtFhWGSAIdemPXi Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_fUgQ6ycrNiRS1Tg Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Fv2OpDadUBzDBUE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_FYyobpwVa61qEZm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Fz4oPXbyJ3yDDfI Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_G3R8GZEYWl0uDXy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_g6B6beFIpJHo0M4 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_g88KX51nVfgKxOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_giitxoQmFy7AKGw Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_GiScWhnbR2HmnWR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gKA0fegCUo00GKY Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_gLbmbuG4Gkip5Y6 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_GOHOT1ZNjq35xvt Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_GoYFQfSeVw0KKyx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_h0hXM4V5MkNUkCn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_h4c1nxt6QFK8u7N Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_h4zk4bfTujfYhe7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_h6Umpx1t7kugYOd Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_h82FEFdYVHvbvZ0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_h9ifjZe2HFYMYR0 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hHdwUMqDPspeehB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HJjip9yzy5KyDsP Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HM0i9tVy3yb0YgA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HTbiHqV1F6dn1yV Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hv8b1yDecb7s375 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hwJh0HIUCDEBDLD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_hyDf4zhbYsS6l36 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_HYL7xDCQwDRcImZ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_I5K1BwMCw8h7FVv Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_iAbbiEtT6eqlY9c Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_iH3atddlYBVe1BJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_j1cgam4SJxP56Xs Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_j7QVYj4D1ABH1Up Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jacyYK52TwimNyG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jb53OZDI7QAlZ2S Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jbwLuWX2mCE9NmR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_JDJk1ijLbNciAZx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jGvK4N7zUVzNRXd Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jljiELaOfCmURWh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jmysHfZsbclbPah Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jRcQXiblRI4UFjQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jSo1SAlMatjzQc6 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_jWCwUkJH9p3d5WU Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_JzchtdkcA1bQ35x Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_K12FKHogHTc3sU9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_k1qce9gP4aS4ziR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_k2dBZElt7FSjTOR Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_K3086jfj8QG9sQH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_K3f6Cjw0MAvgDhx Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_k9K7TJ3TbWPJjS8 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_KgMDIGsXfIWlyDG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_kQrvXAK8fU1BzN7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_KsCHRjeaY0pLezG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_kTEPgSRlM6tS832 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_kVms9qEIApgLIMX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_kXV0ujtLkI1d4ul Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_l7LH8GeiWofwXrp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_lBZuXwgebMUJLnJ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_LfIuYXBM1MAbuRW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Lodq04ASBBVf0Vh Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_LoSTTejzjHer6zW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_LYbbtq7A5RwbZ11 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_lYjf95c5kfaGwEB Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_M5SgG6Ak02m6pjj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_M8khZzjdUdl9hro Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_mD7B5clhbouuSMX Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_mgBbjUcbkjUeSJL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_MHesABpIPgQP1XO Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_Mhq0DxrfXsKSarT Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_MPwX1J16oZr6S15 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_MVUugUzCtghxmhW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_MWch0mngRIUHmAE Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_N0AhWmmvc2KqicK Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_n9HbYFUgo6o7cBm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_ndA5E3Ke7TxGKdj Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_NdV9IrqKg1wgGNz Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_NFNsy4dpztp9XAA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_NHvvOA1at5soM6F Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_nHXxJ5UyNMfhYRe Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_NnWYUIcrObc2ptD Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_NPitS5ZMan2y9ln Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_NSklwKxheZmqQni Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_nXsCNw5X5b2Brym Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\sqlite_NydN4rQEOCnRz0H Object is locked skipped
C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFDZ7X33\ljpvbhqw[1].htm Infected: Trojan-Clicker.Win32.Costrat.cz skipped
C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\css4[1] Infected: Virus.Win32.Trats.d skipped
C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\gamadril20071203[1] Infected: Backdoor.Win32.Agent.dbm skipped
C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\ykmsx[1].txt Infected: Trojan.Win32.Agent.djz skipped
C:\Users\Vanguard\AppData\Local\Temp\dvehgixh .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Users\Vanguard\AppData\Local\Temp\dvehgixh.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Users\Vanguard\AppData\Local\Temp\jkhhi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\Users\Vanguard\AppData\Local\Temp\tmp00038b88 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Users\Vanguard\AppData\Local\Temp\tmp0006fbe7 Infected: not-a-virus:AdWare.Win32.Virtumonde.cll skipped
C:\Users\Vanguard\AppData\Local\Temp\TMP7613.tmp Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Users\Vanguard\AppData\Local\Temp\TMPDBF5.tmp Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll Infected: Virus.Win32.Trats.d skipped
C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\_OTMoveIt\MovedFiles\Users\Vanguard\AppData\Local\Temp\vtuts.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

Scan process completed.
Timmy

Re: Constant Hard Drive Activity

by Timmy » January 5th, 2008, 10:16 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:47 PM, on 1/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\Vanguard\AppData\Local\Temp\dvehgixh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\Vanguard\AppData\Local\Temp\dvehgixh .exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\jkhhi.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Vanguard\AppData\Local\Temp\dvehgixh .exe
O4 - HKCU\..\Run: [b4d76f11] rundll32.exe "C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7872 bytes
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm

Re: Constant Hard Drive Activity

Unread postby Katana » January 6th, 2008, 8:44 am

Have you got UAC turned off? If so please re-enable it.

CCleaner
Please download CCleaner from here to clean temp files from your computer.
  • Right click on the ccsetup.exe file and "Run As Administrator" to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked!
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • After CCleaner has completed its process, click Exit.

Fix With HJT
Close all other windows and then Right click HiJack This and "Run As Administrator"
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\jkhhi.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Vanguard\AppData\Local\Temp\dvehgixh .exe
O4 - HKCU\..\Run: [b4d76f11] rundll32.exe "C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll",b

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

OTMoveIt
  • Please Right click OTMoveIt.exe and "Run As Administrator" to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFDZ7X33\ljpvbhqw[1].htm
    C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\css4[1]
    C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\gamadril20071203[1]
    C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\hctp[1]
    C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\ykmsx[1].txt
    C:\Users\Vanguard\AppData\Local\Temp\dvehgixh .exe
    C:\Users\Vanguard\AppData\Local\Temp\dvehgixh.exe
    C:\Users\Vanguard\AppData\Local\Temp\jkhhi.dll
    C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll
    C:\Users\Vanguard\AppData\Local\Temp\tmp00038b88
    C:\Users\Vanguard\AppData\Local\Temp\tmp0006fbe7
    C:\Users\Vanguard\AppData\Local\Temp\TMP7613.tmp
    C:\Users\Vanguard\AppData\Local\Temp\TMPDBF5.tmp
    C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll
    C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
  • Copy and paste the contents of the results box as a reply to this topic
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Deckard's System Scanner
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, a text file will open - main.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your reply

(NOTE: Only one file will be created this time)
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Constant Hard Drive Activity

Unread postby Timmy » January 6th, 2008, 10:03 am

Notes: My UAC is turned on.

When MoveIT asked me to reboot and when I logged in again, I got a dialog box with "RunDLL" as the title in the box. The contents of the dialog box is: "Error loading c:\users\vanguard\appdata\local\temp\vtuts.dll. Specified module could not be found"

MoveIt log:

File/Folder C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFDZ7X33\ljpvbhqw[1].htm not found.
File/Folder C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\css4[1] not found.
File/Folder C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\gamadril20071203[1] not found.
File/Folder C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\hctp[1] not found.
File/Folder C:\Users\Vanguard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLQD0C00\ykmsx[1].txt not found.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\dvehgixh .exe not found.
C:\Users\Vanguard\AppData\Local\Temp\dvehgixh.exe moved successfully.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\jkhhi.dll not found.
DllUnregisterServer procedure not found in C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll
C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll NOT unregistered.
C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll moved successfully.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\tmp00038b88 not found.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\tmp0006fbe7 not found.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\TMP7613.tmp not found.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\TMPDBF5.tmp not found.
DllUnregisterServer procedure not found in C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll
C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll NOT unregistered.
File move failed. C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll scheduled to be moved on reboot.
File/Folder C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe not found.

Created on 01/06/2008 05:48:56
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm

Re: Constant Hard Drive Activity

Unread postby Timmy » January 6th, 2008, 10:11 am

Here is the DSS log. I have a suspicion that rundll32.exe is the culprit. Seems to be spawning new files in my temp directory even after I ran the cleaner.


Deckard's System Scanner v20071014.68
Run by Vanguard on 2008-01-06 06:04:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 446 MiB (1024 MiB recommended).


-- HijackThis (run as Vanguard.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:35 AM, on 1/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Windows\system32\rundll32.exe
C:\Users\Vanguard\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vanguard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... B&M=ML3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\ssqrp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\ddccc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\ssqrp.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7411 bytes

-- Files created between 2007-12-06 and 2008-01-06 -----------------------------

2008-01-06 05:32:43 0 d-------- C:\Program Files\CCleaner
2008-01-04 21:38:12 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-01-04 21:25:26 0 d-------- C:\Program Files\Trend Micro
2007-12-29 09:06:25 0 d-------- C:\Users\Vanguard\.housecall6.6
2007-12-29 09:03:27 0 d-------- C:\Windows\BDOSCAN8
2007-12-29 01:43:05 0 d-------- C:\Program Files\Lavasoft
2007-12-29 01:42:57 0 d-------- C:\Users\All Users\Lavasoft
2007-12-29 01:39:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 00:47:47 0 d-------- C:\Users\All Users\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-01-03 20:02:21 0 d-------- C:\Program Files\Azureus
2008-01-01 20:55:37 0 d-------- C:\Users\Vanguard\AppData\Roaming\Azureus
2007-12-29 17:27:59 0 d-------- C:\Users\Vanguard\AppData\Roaming\SopCast
2007-12-29 01:39:39 0 d-------- C:\Program Files\Common Files
2007-12-27 23:07:16 0 d-------- C:\Users\Vanguard\AppData\Roaming\SampleView
2007-12-26 23:23:41 0 d-------- C:\Program Files\McAfee
2007-11-13 20:12:11 0 d-------- C:\Users\Vanguard\AppData\Roaming\Move Networks
2007-11-07 23:09:27 0 d-------- C:\Program Files\Gateway Games
2007-10-25 10:26:48 53248 --a------ C:\Windows\bdoscandel.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/23/2007 12:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 01:58 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 02:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [11/29/2006 11:22 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 01:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 04:34 AM]
"MSServer"="C:\Users\Vanguard\AppData\Local\Temp\ddccc.dll,#1" []
"cmds"="C:\Users\Vanguard\AppData\Local\Temp\ssqrp.dll,c" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe /atstartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
C:\Program Files\McAfee\MSK\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {4DE0B33E-019A-CDBA-C2D1-C66F8598EF15} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-06 06:06:16 ------------
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm
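
The entries picked for fixing in this thread all launch from the user's Temp folder, and the two HijackThis logs show the same autorun value names pointing at different file names a day later. As an added example (not part of any post, and not code from HijackThis or DSS), this Python script parses F3/O4 lines, flags Temp-directory targets, and lists entries that were rewritten between scans; the function names and the Temp-path heuristic are assumptions, and the sample lines are copied from the logs above.

```python
import re

# Sample input: F3/O4 autorun lines copied from the two HijackThis logs in this thread.
SCAN_JAN5 = r"""
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\vtuts.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\jkhhi.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\vtuts.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\Vanguard\AppData\Local\Temp\dvehgixh .exe
O4 - HKCU\..\Run: [b4d76f11] rundll32.exe "C:\Users\Vanguard\AppData\Local\Temp\rgfogxum.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

SCAN_JAN6 = r"""
F3 - REG:win.ini: load=C:\Users\Vanguard\AppData\Local\Temp\ssqrp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\ddccc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vanguard\AppData\Local\Temp\ssqrp.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# Registry-based O4 entries and F3 win.ini entries; other line types are skipped.
O4_LINE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")
F3_LINE = re.compile(r"^F3 - (REG:[^:]+): (\w+)=(.+)$")
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(.*)$', re.I)
UNQUOTED_EXE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)", re.I)
# Heuristic (assumption): per-user and system Temp locations on Windows.
TEMP_DIR = re.compile(
    r"\\appdata\\local\\temp\\|\\local settings\\temp\\|\\windows\\temp\\", re.I
)


def target_of(command):
    """Return the file an autorun command actually loads."""
    command = command.strip()
    m = RUNDLL.match(command)
    if m:
        # rundll32 <dll>,<export>: the DLL is the payload, not rundll32 itself.
        arg = m.group(1).strip()
        if arg.startswith('"'):
            return arg[1:].split('"', 1)[0]
        return arg.split(",", 1)[0].strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = UNQUOTED_EXE.match(command)
    return m.group(1) if m else command


def parse_autoruns(log_text):
    """Map (location, value name) -> target path for every F3/O4 line."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_LINE.match(line) or F3_LINE.match(line)
        if m:
            location, name, command = m.groups()
            entries[(location, name)] = target_of(command)
    return entries


def temp_autoruns(entries):
    """Autoruns whose payload lives in a Temp directory."""
    return {k: v for k, v in entries.items() if TEMP_DIR.search(v)}


def rewritten_between(old, new):
    """Temp autoruns present in both scans under the same name but with a new target.

    A value that survives a fix with a fresh file name means something still
    running is re-creating it, so removing the listed file is not enough.
    """
    old_t, new_t = temp_autoruns(old), temp_autoruns(new)
    return sorted(
        (key, old_t[key], new_t[key])
        for key in old_t.keys() & new_t.keys()
        if old_t[key].lower() != new_t[key].lower()
    )


if __name__ == "__main__":
    jan5, jan6 = parse_autoruns(SCAN_JAN5), parse_autoruns(SCAN_JAN6)
    for (location, name), path in sorted(temp_autoruns(jan5).items()):
        print(f"Temp autorun  {location} [{name}] -> {path}")
    for (location, name), before, after in rewritten_between(jan5, jan6):
        print(f"Rewritten     {location} [{name}]: {before} -> {after}")
```
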

Re: Constant Hard Drive Activity

Unread postby Katana » January 6th, 2008, 10:26 am

rundll32.exe is normally used by other files anyway, so I doubt that is the actual problem.
BUT you never know with malware so we will check it. :)


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the following file path into the window
C:\Windows\system32\rundll32.exe
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Constant Hard Drive Activity

Unread postby Timmy » January 6th, 2008, 10:41 am

Looks like it is fine.


AhnLab-V3 2008.1.1.10 2007.12.31 -
AntiVir 7.6.0.46 2007.12.31 -
Authentium 4.93.8 2007.12.31 -
Avast 4.7.1098.0 2007.12.31 -
AVG 7.5.0.516 2008.01.01 -
BitDefender 7.2 2008.01.01 -
CAT-QuickHeal 9.00 2007.12.31 -
ClamAV 0.91.2 2008.01.01 -
DrWeb 4.44.0.09170 2007.12.31 -
eSafe 7.0.15.0 2008.01.01 -
eTrust-Vet 31.3.5421 2008.01.01 -
Ewido 4.0 2008.01.01 -
FileAdvisor 1 2008.01.01 -
Fortinet 3.14.0.0 2008.01.01 -
F-Prot 4.4.2.54 2007.12.31 -
F-Secure 6.70.13030.0 2008.01.01 -
Ikarus T3.1.1.15 2008.01.01 -
Kaspersky 7.0.0.125 2008.01.01 -
McAfee 5196 2007.12.31 -
Microsoft 1.3109 2008.01.01 -
NOD32v2 2759 2008.01.01 -
Norman 5.80.02 2007.12.31 -
Panda 9.0.0.4 2008.01.01 -
Prevx1 V2 2008.01.01 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2008.01.01 -
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2008.01.01 -
TheHacker 6.2.9.176 2008.01.01 -
VBA32 3.12.2.5 2007.12.31 -
VirusBuster 4.3.26:9 2008.01.01 -
Webwasher-Gateway 6.6.2 2007.12.31 -
Additional information
File size: 44544 bytes
MD5: 4b555106290bd117334e9a08761c035a
SHA1: 2d77b2ac185828a6300c8838355444279929bcb0
PEiD: -
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm

Re: Constant Hard Drive Activity

Unread postby Katana » January 6th, 2008, 2:56 pm

Let's try a different scan to see if that can find the file that is causing the reinfection.

TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Constant Hard Drive Activity

Unread postby Timmy » January 6th, 2008, 3:20 pm

I'm having issues installing the panda plugin.

In Both IE and FireFox, I am able to load 100% of the files but then in Both I am getting the following error:
TotalScan update: Update error
Sorry, updating is incomplete due to an error. Please try again. Error 1003.
Timmy
Regular Member
 
Posts: 26
Joined: December 29th, 2007, 1:09 pm