Hi to every one, newbie here.
need help? having serious problem with i think a browser hijacker. i am running windows vista basic (came with laptop). i am using ie explorer 7 and mozilla firefox latest updates, (not together). in both i am having a lot of unrequested tabs opening up with adverts?
i have looked around for possible answers in a lot of places and have found some good suggestions and the following is what i have tried.
firstly i am using the hosts file, an example that i have adapted for my use, it works partly but the websites i have added now come up as not able to connect?
i have windows defender switched on.
i have symantec, norton internet 2007 (paid for) as my firewall with all switched on, but having trouble with switching on phishing filter so filter is currently off? have programmed scans daily and they all show nothing?
i have spyware blaster version 3.5.1. updated.in use.
spybot-search and destroy version 1.5. in use.
ad-aware free version 7.0.2.5 in use
cw shredder, returns no results,
hijack this version 2.0.2
cccleaner.

following another forum post, i have run my pc in safe mode and then run ad-aware found nothing? deleted ad-aware? then run spybot-search and destroy found nothing. rebooted out of safe mode and then run cccleaner and fixed all.
still has not removed problem? (unless it is me that is the problem?)
i do use p2p and download torrents although i scan all of these, i have 3 children that use this pc mainly for microsoft messenger live,
please find attached

hijack this log, and uninstall manager log (only to save time and because i read a previous post).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:37, on 03/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Grumpy\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: (no name) - {4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\power iso\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Grumpy\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common

Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0

\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} -

http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} -

http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -

http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!

\Common\Yinsthelper.dll
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/vista2/euras.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A7BE3E8-4D6D-4BE2-AA8E-3C39E31EE1B8}: NameServer =

80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A7BE3E8-4D6D-4BE2-AA8E-3C39E31EE1B8}: NameServer =

80.58.61.250,80.58.61.254
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007

\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet

Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot -

Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-

LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD

PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba

Stack\TosBtSrv.exe

--
End of file - 9140 bytes
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
hijack this uninstall manager
3D Home Architect Design Suite Deluxe 8
ABBYY FineReader 6.0 Sprint
Accessibility
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
AppCore
Atheros Driver Installation Program
ATK Hotkey
AV
Bluetooth Stack for Windows by Toshiba
Bulk Rename Utility 2, 7, 0, 1
ccCommon
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
ConvertXtoDVD 2.2.3.258g
Foxit PDF Editor
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Java™ SE Runtime Environment 6
KeyScrambler
K-Lite Mega Codec Pack 3.4.0
Lexmark 2300 Series
LimeWire PRO 4.14.10
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lizardtech DjVu Control
M3U Creator 1.0
MagicDisc 2.5.79
MediaInfo 0.7.5.4
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.11)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Nero 8
neroxml
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
PowerISO
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SoundMAX
SPBBC 32bit
Spybot - Search & Destroy
SpywareBlaster v3.5.1
SymNet
Synaptics Pointing Device Driver
Torrent Harvester
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Manuals
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
VCRedistSetup
Vista Shortcut Manager
Wincopy2007
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinRAR archiver
Wise Registry Cleaner 2.9.2
Yahoo! Install Manager

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

a lot of words for me hopefully some one can help. will await kind response.

Hi grumpy,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.

You are using LimeWire. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to LimeWire.
This is another article: http://www.cexx.org/adware.htm

This is an open source version of LimeWire: FrostWire. Be aware that this does not mean that what you download is malware free.

Where do these ads go to? What is their address?

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

hello thank you for the assistance.
have deleted and renewed java.
have removed limewire (do not need it).

including 2 logs as requested, combofix and hijack this.



ComboFix 07-12-02.6 - Grumpy 2007-12-04 21:57:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.100 [GMT 1:00]
Running from: E:\exe files\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Grumpy\AppData\Local\qelfjd_navfx.dat
C:\Users\Grumpy\AppData\Local\rukbcc.dat
C:\Users\Grumpy\AppData\Local\rukbcc.exe
c:\Users\Grumpy\AppData\Local\rukbcc_nav.dat
C:\Users\Grumpy\AppData\Local\rukbcc_navps.dat
C:\Users\Grumpy\AppData\Roaming\inst.exe
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-04 21:49 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-04 21:44 . 2007-12-04 21:48 <DIR> d-------- C:\Program Files\Java
2007-12-04 21:43 . 2007-12-04 21:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-03 13:54 . 2007-12-03 13:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 13:16 . 2007-12-03 13:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-03 13:15 . 2007-12-03 13:15 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-03 13:15 . 2007-12-03 13:15 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-03 13:07 . 2007-12-03 13:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-03 10:19 . 2007-12-03 10:19 <DIR> d-------- C:\Users\All Users\Tarma Installer
2007-12-03 10:19 . 2007-12-03 10:19 <DIR> d-------- C:\ProgramData\Tarma Installer
2007-12-03 10:19 . 2007-12-03 10:20 <DIR> d-------- C:\Program Files\Bulk Rename Utility
2007-12-01 11:04 . 2007-12-01 11:05 148,086,416 --a------ C:\Windows\MEMORY.DMP
2007-11-29 21:40 . 2007-11-29 21:40 268 --ah----- C:\sqmdata00.sqm
2007-11-29 21:40 . 2007-11-29 21:40 244 --ah----- C:\sqmnoopt00.sqm
2007-11-28 19:18 . 2007-11-29 10:36 <DIR> d-------- C:\Users\Grumpy\AppData\Roaming\Lavasoft
2007-11-28 15:16 . 2007-11-28 18:38 <DIR> d-------- C:\Users\Grumpy\AppData\Roaming\Uniblue
2007-11-28 15:16 . 2007-11-28 15:16 <DIR> d-------- C:\Users\All Users\Uniblue
2007-11-28 15:16 . 2007-11-28 15:16 <DIR> d-------- C:\ProgramData\Uniblue
2007-11-27 20:47 . 2007-11-27 20:50 <DIR> d-------- C:\Program Files\MagicDisc
2007-11-27 20:47 . 2007-09-05 01:46 92,544 --a------ C:\Windows\System32\drivers\mcdbus.sys
2007-11-23 18:06 . 2007-11-23 18:06 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2007-11-23 18:06 . 2007-11-23 18:06 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2007-11-21 17:00 . 2007-11-21 17:00 <DIR> d-------- C:\Program Files\Frameworkx
2007-11-21 13:56 . 2007-11-21 13:56 <DIR> d-------- C:\Users\All Users\MSScanAppDataDir
2007-11-21 13:56 . 2007-11-21 13:56 <DIR> d-------- C:\ProgramData\MSScanAppDataDir
2007-11-16 22:15 . 2007-11-16 22:15 <DIR> d-------- C:\Program Files\InterMute
2007-11-16 17:25 . 2007-11-16 17:25 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-11-16 17:25 . 2007-11-16 17:25 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-11-16 17:24 . 2007-11-27 16:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-15 15:17 . 2007-11-15 17:34 <DIR> d-------- C:\Users\All Users\STOPzilla!
2007-11-15 15:17 . 2007-11-15 17:34 <DIR> d-------- C:\ProgramData\STOPzilla!
2007-11-14 15:31 . 2007-11-14 15:31 <DIR> d-------- C:\Users\All Users\vsosdk
2007-11-14 15:31 . 2007-11-14 15:31 <DIR> d-------- C:\ProgramData\vsosdk
2007-11-14 13:15 . 2007-11-17 00:01 <DIR> d-------- C:\Users\Grumpy\AppData\Roaming\Vso
2007-11-14 13:15 . 2007-11-14 13:15 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-11-14 13:15 . 2007-11-14 13:15 47,360 --a------ C:\Users\Grumpy\AppData\Roaming\pcouffin.sys
2007-11-14 13:14 . 2007-11-14 13:14 <DIR> d-------- C:\Program Files\VSO
2007-11-14 13:14 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-11-14 13:14 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-11-14 13:14 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-11-14 09:02 . 2007-11-14 09:02 185 --a------ C:\Windows\System32\msblcd32.dll
2007-11-14 09:01 . 2007-11-14 09:01 647,872 --a------ C:\Windows\System32\MSCOMCT2.OCX
2007-11-14 09:01 . 2007-11-14 09:01 165,680 --a------ C:\Windows\System32\AUTMGR32.EXE
2007-11-14 09:01 . 2007-11-14 09:01 140,488 --a------ C:\Windows\System32\Comdlg32.ocx
2007-11-14 09:01 . 2007-11-14 09:01 140,288 --a------ C:\Windows\System32\AUTPRX32.DLL
2007-11-14 09:01 . 2007-11-14 09:01 109,248 --a------ C:\Windows\System32\Mswinsck.ocx
2007-11-14 09:01 . 2007-11-14 09:01 61,440 --a------ C:\Windows\System32\RACMGR32.EXE
2007-11-14 09:00 . 2007-11-14 09:00 <DIR> d-------- C:\Program Files\AF Uninstalls
2007-11-12 08:56 . 2006-11-02 10:45 774,144 -r-hs---- C:\Windows\System32\dgilpd.exe
2007-11-12 08:14 . 2006-11-02 10:45 774,144 -r-hs---- C:\Windows\System32\nuyzpj.exe
2007-11-12 08:14 . 2006-11-02 10:45 774,144 -r-hs---- C:\Windows\System32\ihfrvz.exe
2007-11-10 22:14 . 2007-11-10 22:14 <DIR> d-------- C:\Windows\Sun
2007-11-10 03:15 . 2006-11-02 10:45 774,144 -r-hs---- C:\Windows\System32\mibnjo.exe
2007-11-10 02:15 . 2007-11-10 15:57 <DIR> d-------- C:\Users\Grumpy\Shared
2007-11-10 02:15 . 2007-11-10 16:09 <DIR> d-------- C:\Users\Grumpy\Incomplete
2007-11-10 02:13 . 2007-12-01 11:45 <DIR> d-------- C:\Users\Grumpy\AppData\Roaming\LimeWire
2007-11-08 16:42 . 2007-11-08 16:42 <DIR> d-------- C:\Program Files\M3U Creator
2007-11-06 23:31 . 2007-11-29 09:13 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-06 23:31 . 2007-11-29 09:13 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-11-06 18:14 . 2007-11-06 18:14 <DIR> d-------- C:\Program Files\MediaInfo
2007-11-06 18:09 . 2007-11-06 18:09 <DIR> d-------- C:\Users\All Users\eMule
2007-11-06 18:09 . 2007-11-06 18:09 <DIR> d-------- C:\ProgramData\eMule
2007-11-06 17:15 . 2007-11-06 17:15 <DIR> d-------- C:\Program Files\Torrent Harvester

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 21:00 --------- d-----w C:\Users\Grumpy\AppData\Roaming\BitTorrent DNA
2007-12-04 19:50 --------- d-----w C:\ProgramData\Symantec
2007-12-04 19:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-04 19:31 --------- d-----w C:\Program Files\Lx_cats
2007-12-02 14:11 --------- d-----w C:\Users\Grumpy\AppData\Roaming\BitTorrent
2007-12-02 11:56 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-21 13:21 --------- d-----w C:\Program Files\Common Files\Real
2007-11-21 08:23 --------- d-----w C:\Program Files\TOSHIBA
2007-11-21 08:20 --------- d-----w C:\ProgramData\Ulead Systems
2007-11-21 08:20 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-11-21 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 17:45 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-12 07:57 --------- d---a-w C:\ProgramData\TEMP
2007-11-10 00:38 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-10 00:38 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-10 00:38 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-10 00:38 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-10 00:38 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-10 00:38 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-10 00:38 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-10 00:38 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-11-10 00:38 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-10 00:38 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-10 00:38 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-10 00:38 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-10 00:38 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-10 00:38 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-10 00:38 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-10 00:38 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-09 15:35 --------- d-----w C:\Users\Grumpy\AppData\Roaming\TOSHIBA
2007-11-03 18:17 --------- d-----w C:\Users\Grumpy\AppData\Roaming\Nero
2007-11-03 18:11 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-03 18:06 --------- d-----w C:\ProgramData\Nero
2007-11-03 18:06 --------- d-----w C:\Program Files\Nero
2007-11-03 17:06 --------- d-----w C:\Program Files\CCleaner
2007-10-28 06:58 --------- d-----w C:\ProgramData\Cadsoft
2007-10-28 06:54 --------- d-----w C:\Program Files\Common Files\Cadsoft
2007-10-28 06:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-26 12:58 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-10-23 11:47 --------- d-----w C:\Program Files\LizardTech
2007-10-20 19:44 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-20 19:44 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-20 19:15 --------- d-----w C:\Program Files\Google
2007-10-13 00:35 --------- d-----w C:\Program Files\Wise Registry Cleaner
2007-10-12 23:27 --------- d-----w C:\Users\Grumpy\AppData\Roaming\PeerNetworking
2007-10-12 20:45 --------- d-----w C:\Program Files\MSN Messenger
2007-10-10 19:09 --------- d-----w C:\Program Files\Windows Mail
2007-10-10 17:29 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 17:29 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 17:29 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 17:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 17:14 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-10 17:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-10 17:14 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-10 17:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 17:07 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-10 17:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-06 08:09 --------- d-----w C:\Program Files\BitTorrent
2007-10-06 06:38 --------- d-----w C:\Users\Grumpy\AppData\Roaming\Talkback
2007-10-05 11:26 --------- d-----w C:\ProgramData\Ezprint
2007-10-05 11:26 --------- d-----w C:\Program Files\Lexmark 2300 Series
2007-09-25 18:37 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-09-25 18:37 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-09-25 18:37 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-09-25 18:37 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-09-25 18:37 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-09-25 18:37 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-09-25 18:37 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-09-25 18:37 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-09-25 18:37 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-09-20 08:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2007-09-14 06:56 174 --sha-w C:\Program Files\desktop.ini
2007-09-14 06:47 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-09-14 06:47 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-09-14 06:47 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-09-14 06:47 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-09-14 06:47 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-09-14 06:47 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-09-14 06:47 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-09-14 06:47 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-09-14 06:47 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-09-14 06:47 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-09-14 06:47 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-09-14 06:47 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-09-14 06:47 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-09-14 06:47 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-09-14 06:47 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-09-12 06:49 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-09-12 06:49 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-09-12 06:49 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-09-12 06:49 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-09-12 06:49 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-09-12 06:49 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-09-12 06:49 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-09-12 06:49 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-09-12 06:49 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-09-12 06:49 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-09-12 06:49 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-09-12 06:49 22,016 ----a-w C:\Windows\System32\rasser.dll
2006-11-02 09:45 774,144 --sh--r C:\Windows\System32\dgilpd.exe
2006-11-02 09:45 774,144 --sh--r C:\Windows\System32\ihfrvz.exe
2006-11-02 09:45 774,144 --sh--r C:\Windows\System32\mibnjo.exe
2006-11-02 09:45 774,144 --sh--r C:\Windows\System32\nuyzpj.exe
2006-11-02 09:45 774,144 --sh--r C:\Windows\System32\ucpruc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="TOSCDSPD.EXE" []
"BitTorrent DNA"="C:\Users\Grumpy\Program Files\BitTorrent_DNA\dna.exe" [2007-10-08 05:03]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"rukbcc"="c:\users\grumpy\appdata\local\rukbcc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-25 07:48]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 15:19]
"NDSTray.exe"="NDSTray.exe" []
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-05 03:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"LXCGCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 04:20]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-29 21:55]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2007-04-29 21:57]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-24 18:54]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-24 18:54]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-24 18:54]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"PWRISOVM.EXE"="E:\power iso\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-11-27 20:47:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071127.002\IDSvix86.sys
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 08:08:34 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Grumpy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2007-11-07 14:56:11 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 22:04:01
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 22:05:04
.
--- E O F ---
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:58, on 04/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
E:\power iso\PowerISO\PWRISOVM.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Users\Grumpy\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: (no name) - {4B7B69EB-A00F-4FCD-B601-ACCBB86ED528} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\power iso\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Grumpy\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/vista2/euras.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A7BE3E8-4D6D-4BE2-AA8E-3C39E31EE1B8}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A7BE3E8-4D6D-4BE2-AA8E-3C39E31EE1B8}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9990 bytes

Hi grumpy,

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop.

Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
Go to Online malware scan and submit C:\Users\Grumpy\AppData\Local\rukbcc.exe.

Tell me the result.

Do the same for these files:

C:\Windows\System32\dgilpd.exe
C:\Windows\System32\nuyzpj.exe
C:\Windows\System32\ihfrvz.exe
C:\Windows\System32\mibnjo.exe
C:\Windows\System32\ucpruc.exe

hi bobbi.
have added the fixme reg, but the malware scan sight is down at the moment so will try that later, many thanks for this help, will post soon as i get on to the scan sight. there database is down, they know it?
all the best, grumpy

hello bobbi, went to malware scan sight but cannot find any of the exe files that you listed. have used search for them but nowhere?
since we made the changes i have had sessions on both ie and firefox and have had no incidents of unwanted tabs opening?
wait to hear from you, grumpy

Hi grumpy,

If the files aren't found then they're likely gone as ComboFix already suggested.

Let's see if there are still things left behind. Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the button
• A new window will open.
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on to start the scan
• When the scan completes, if anything malicious is detected, click the button, and save it to a convenient location. Post the contents of the ActiveScan report

hello bobbi.
panda scan does n't support windows vista at this moment although they are working on it'
thanks, mick

Hey Mick,

Grrrrrr..... Let's try another. They don't say anything about Vista so dumb logic says it should work.
Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):

1. Click on "Kaspersky Online Scanner".
2. You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
3. The program will launch and then begin downloading the latest definition files.
4. Once the files have been downloaded click on "Next".
5. Now click on "Scan Settings".
6. In the scan settings make sure that the following are selected:
   • Scan using the following Anti-Virus database:
     Extended
   • Scan Options:
     Scan Archives
     Scan Mail Bases
7. Click "OK".
8. Now under select a target to scan:
   Select "My Computer".
9. This program will start and scan your system.
10. The scan will take a while so be patient and let it run.
    Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
11. Save the file to your desktop.
12. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

hi bobbi,
scan report as requested.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 07, 2007 8:58:52 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/12/2007
Kaspersky Anti-Virus database records: 476534
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 68249
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:04

Infected Object Name / Virus Name / Last Action
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.53.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.53.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010032.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010045.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010046.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy99.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf6631.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf6651.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050025.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2007-12-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\7D4585B8.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\D6C8B999.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\UsrClass.dat{80dab19f-5ea9-11dc-87a4-001a92a9f0dd}.TM.blf Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\UsrClass.dat{80dab19f-5ea9-11dc-87a4-001a92a9f0dd}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows\UsrClass.dat{80dab19f-5ea9-11dc-87a4-001a92a9f0dd}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Grumpy\AppData\Local\Microsoft\Windows Defender\FileTracker\{BFD90150-3C6D-4DFA-A5B5-A960105D6A5E} Object is locked skipped
C:\Users\Grumpy\AppData\Local\Temp\~DFCDA9.tmp Object is locked skipped
C:\Users\Grumpy\AppData\Local\Temp\~DFCDB4.tmp Object is locked skipped
C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Grumpy\NTUSER.DAT Object is locked skipped
C:\Users\Grumpy\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Grumpy\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Grumpy\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Users\Grumpy\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Grumpy\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\etc\Hosts.bak Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

hi bobbi looking at the scan report a lot of objects are locked and then skipped? why? or is that a need to know question?
mick

Hi Mick,

Nah... many files are locked because they are either system files like the Registry, or loaded into memory. It could also be that an infection is trying to keep us out, so Kaspersky is reporting it anyway. The trrick to these files is to find what is important and what is not.

Nothing at all. And from what I can see not false negatives.

I'd say you're clean :)

Are you experiencing problems?

hello bobbi,
thank you for the info,
no, i am not experiencing any problems at the moment it would appear that my machine is "clean", i really cannot thank you enough for your assistance, my last laptop didn't bounce off the floor very well and my wife was getting a little concerned about this one. but machine and i are in harmony now for a while.
i am trying to be a little more careful about what i do, i am skipping the p2p, got bored with it any way.
i am glad i found this site, although i may not have the technological skill to advise people i will still visit and contribute where i can.
once again thank you and i am sure we will speak again.
mick