System Freeze After Failed Sp3 Install

Just bought BitFender AntiVirus 2009 and installed on 3 computers and all ran well. MS auto-update tried to install SP3 (o one computer) and failed with BSOD, then rolled back. Since then BitFender locks up entire computer each time I try to launch "BitFender AntiVirus 2009" user interface. Runiing Windows XP+SP2+all critical updates+2Gb ram and PC Tools Firewall Plus with BitFender granted full access to everyything. Have been using Norton products for years with no problems ever. Very disappointed. Please find Hijack this log below.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:31:06, on 08/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Seaward\PATGuard Elite\eManagerNR.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ToshibaApp] C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [scanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: PATGuard e-Manager.lnk = C:\Program Files\Seaward\PATGuard Elite\eManagerNR.exe

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222381615468

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rapidclimatecontrol.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rapidclimatecontrol.com

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

End of file - 13672 bytes

Find more posts tagged with

Comments

rootkit

Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.

Run the program....

Then post the resultant log here.

bflogin

Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.

Run the program....

Then post the resultant log here.

Here it is as requested...

ComboFix 08-10-07.06 - Paul.Camilleri 2008-10-08 15:50:36.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1270 [GMT 1:00]

Running from: C:\Documents and Settings\Paul.Camilleri\Desktop\BitFender-2009\ComboFix.exe

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\Paul.Camilleri\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\WS5\ASPNET\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\WINDOWS\IE4 Error Log.txt

C:\WINDOWS\system32\Cache

C:\WINDOWS\system32\Cfx32.lic

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\system32\mdm.exe

C:\WINDOWS\system32\rtl60.bpl

((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))

2008-10-08 11:28 . 2008-10-08 11:28 <DIR> d-------- C:\Program Files\Trend Micro

2008-10-07 22:53 . 2008-10-07 22:53 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-10-07 22:53 . 2008-10-07 22:53 <DIR> d-------- C:\WINDOWS\system32\en

2008-10-07 22:53 . 2008-10-07 22:56 <DIR> d-------- C:\WINDOWS\system32\bits

2008-10-07 22:53 . 2008-10-07 22:53 <DIR> d-------- C:\WINDOWS\l2schemas

2008-10-07 22:48 . 2007-08-10 20:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe

2008-10-07 22:44 . 2007-02-28 10:53 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe

2008-10-07 22:30 . 2008-04-14 01:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe

2008-10-07 22:29 . 2006-12-28 20:01 19,569 --a------ C:\WINDOWS\003046_.tmp

2008-10-07 22:16 . 2008-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-07 14:29 . 2008-10-07 14:29 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\PCToolsFirewallPlus

2008-10-07 14:22 . 2008-10-08 16:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-10-07 14:21 . 2008-10-07 14:35 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus

2008-10-07 14:21 . 2008-10-07 14:21 <DIR> d-------- C:\Program Files\Common Files\PC Tools

2008-10-07 14:21 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-10-07 14:21 . 2008-07-17 16:53 93,952 --a------ C:\WINDOWS\system32\drivers\pctfw.sys

2008-10-07 14:21 . 2008-08-05 15:58 58,136 --a------ C:\WINDOWS\system32\drivers\FWAuthdriver.sys

2008-10-07 13:56 . 2008-10-07 13:56 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml

2008-10-07 13:56 . 2008-10-07 13:56 385 --a------ C:\WINDOWS\system32\user_gensett.xml

2008-10-07 13:52 . 2008-10-07 13:52 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\BitDefender

2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d-------- C:\Program Files\BitDefender

2008-10-07 13:51 . 2008-10-07 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

2008-10-07 13:49 . 2008-10-07 13:52 <DIR> d-------- C:\Program Files\Common Files\BitDefender

2008-10-05 14:07 . 2008-10-05 14:07 61,208 --a------ C:\WINDOWS\system32\x264vfw-uninstall.exe

2008-10-05 04:31 . 2008-10-05 04:31 <DIR> d-------- C:\Program Files\AVSMedia

2008-09-27 03:48 . 2008-09-27 03:48 414 --a------ C:\AVSAudioDXfilters.xml

2008-09-26 11:53 . 2008-09-26 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2008-09-26 10:43 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-09-26 10:43 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-09-26 09:58 . 2008-09-26 09:58 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\CyberLink

2008-09-26 09:41 . 2008-09-26 11:15 <DIR> d-------- C:\Program Files\CyberLink

2008-09-26 02:41 . 2008-09-26 02:41 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\AVSMedia

2008-09-26 00:24 . 2008-09-26 00:24 <DIR> d-------- C:\WINDOWS\SQLTools9_KB954606_ENU

2008-09-26 00:23 . 2008-09-26 00:23 <DIR> d-------- C:\WINDOWS\DTS9_KB954606_ENU

2008-09-26 00:22 . 2008-09-26 00:22 <DIR> d-------- C:\WINDOWS\NS9_KB954606_ENU

2008-09-26 00:19 . 2008-09-26 00:19 <DIR> d-------- C:\WINDOWS\RS9_KB954606_ENU

2008-09-26 00:14 . 2008-09-26 02:41 <DIR> d-------- C:\Program Files\Common Files\AVSMedia

2008-09-26 00:14 . 2003-05-22 12:26 638,976 --a------ C:\WINDOWS\system32\divx.dll

2008-09-26 00:14 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll

2008-09-26 00:14 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll

2008-09-26 00:14 . 2003-05-22 12:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax

2008-09-26 00:14 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx

2008-09-26 00:14 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm

2008-09-26 00:14 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm

2008-09-26 00:14 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm

2008-09-26 00:14 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm

2008-09-26 00:13 . 2008-09-26 00:13 <DIR> d-------- C:\WINDOWS\SQL9_KB954606_ENU

2008-09-25 21:08 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys

2008-09-25 20:54 . 2008-09-25 20:54 <DIR> d-------- C:\Drivers

2008-09-25 20:54 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys

2008-09-25 20:54 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys

2008-09-25 20:54 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL

2008-09-25 20:54 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys

2008-09-25 20:54 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys

2008-09-25 20:54 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll

2008-09-18 14:58 . 2008-09-18 14:58 <DIR> d-------- C:\Program Files\Sonic Foundry

2008-09-18 14:58 . 2008-09-18 14:58 <DIR> d-------- C:\Program Files\Pure Motion

2008-09-18 14:58 . 2008-09-18 14:58 <DIR> d-------- C:\Program Files\DebugMode

2008-09-08 14:40 . 2008-09-08 14:40 <DIR> d-------- C:\Program Files\AmbulantPlayer-1.8

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-10-07 12:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-10-07 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-10-07 12:41 --------- d-----w C:\Program Files\Symantec

2008-10-06 10:51 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-10-03 03:21 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\AltiumDesigner6

2008-09-26 10:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-25 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-09-25 23:26 --------- d-----w C:\Program Files\Microsoft SQL Server

2008-09-25 23:10 --------- d-----w C:\Program Files\Microsoft Works

2008-09-24 13:36 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\SolidWorks

2008-09-19 17:28 --------- d-----w C:\Program Files\SolidWorks

2008-09-09 11:31 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\DBDesigner4

2008-08-25 13:39 --------- d-----w C:\Program Files\Total Uninstall

2008-08-12 20:57 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\DevelCor

2008-08-12 20:56 --------- d-----w C:\Program Files\DevelCor

2008-08-12 17:40 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys

2008-08-12 17:40 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys

2008-08-08 01:58 --------- d-----w C:\Program Files\Sun

2008-08-08 01:58 --------- d-----w C:\Program Files\Java

2008-08-08 00:37 --------- d-----w C:\Program Files\SQLXML 4.0

2008-08-08 00:36 --------- d-----w C:\Program Files\Microsoft.NET

2008-08-08 00:25 --------- d-----w C:\Program Files\Microsoft Analysis Services

2008-08-07 21:21 27,136 ----a-w C:\WINDOWS\~GLH0001.TMP

2008-08-07 21:18 27,136 ----a-w C:\WINDOWS\~GLH0000.TMP

2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-16 18:51 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll

2008-05-20 02:05 4,500,672 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"1&1 EasyLogin"="C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [2008-02-27 1540096]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 7557120]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]

"ToshibaApp"="C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe" [2006-01-31 110592]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-04-07 1773568]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]

"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]

"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]

"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]

"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-08 716800]

"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]

"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]

"nwiz"="nwiz.exe" [2006-02-16 C:\WINDOWS\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 1753088]

PATGuard e-Manager.lnk - C:\Program Files\Seaward\PATGuard Elite\eManagerNR.exe [2006-03-07 73728]

SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 6395464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"SENTINEL"= snti386.dll

"vidc.x264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]

R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 40928]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 27776]

R2 altio;altio;C:\WINDOWS\system32\altio.sys [2004-05-26 3200]

R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2006-03-24 1294336]

R2 MsDtsServer;SQL Server Integration Services;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-08-05 205840]

R2 msftesql$MSSQL2005;SQL Server FullText Search (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-08-28 92952]

R2 MSSQL$MSSQL2005;SQL Server (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-08-05 29184016]

R2 ReportServer$MSSQL2005;SQL Server Reporting Services (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-08-05 16912]

R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]

R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]

R3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-08-05 58136]

R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 31872]

R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]

R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2006-01-17 15744]

S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

S3 DTV_Capture_2X0;DVB-T Receiver;C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys [2004-09-06 18432]

S3 DTV_Loader_2X1;DVB-T Loader;C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys [2005-06-29 19328]

S3 SQLAgent$MSSQL2005;SQL Server Agent (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2007-02-10 344944]

S3 VBoxTAP;VirtualBox TAP Adapter;C:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-12-29 47584]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKLM-Run-ScanSoft OmniPage 15.0-reminder - C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe

Notify-dimsntfy - (no file)

------- Supplementary Scan -------

FireFox -: Profile - C:\Documents and Settings\Paul.Camilleri\Application Data\Mozilla\Firefox\Profiles\0prxd5dz.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-08 16:04:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$MSSQL2005]

"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQL2005"

------------------------ Other Running Processes ------------------------

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\intel\ansyslmd.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\snmp.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe

C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

**************************************************************************

Completion time: 2008-10-08 16:13:54 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-08 15:13:48

Pre-Run: 1,614,143,488 bytes free

Post-Run: 3,801,489,408 bytes free

281 --- E O F --- 2008-10-08 08:17:10

Niels

Hello bflogon,

I can still see some leftovers of Norton on your computer:

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

That can cause conflicts please follow the instructions that I gave in this topic. To remove Norton completely.

Please do this open wordpad and write this:

File::

C:\WINDOWS\003046_.tmp

C:\Program Files\FLV PlayerRCATSetup.exe

C:\WINDOWS\~GLH0001.TMP

C:\WINDOWS\~GLH0000.TMP

and save it as CFscript. Now drag and drop CFscript on the Combofix icon.

Can you please do this click on start,my computer,double click on the icon of your hard disk/partition were you have installed software. You should see a folder called QooBox. Open that folder. Now you will see the quarantine folder please open that also,C (if you hard drive is called so),windows, system 32. You should also find a subfolder called Program files. Now right click on each item and rename the files that looks like blabla.exe.vir to blabla.exe. You just need to remove the .vir.First you need to show file extensions to do that go to the tools menu,folder options,display/view tab uncheck hide known file extensions press on apply and ok. Confirm the windows warning. Now archive these files by following the instructions in the 2nd post of this topic.

You need to split the archives because there is a 2mb file upload limit. Upload the attachment(s) here in this topic. When you are in the screen for creating a reply please scroll down there you will see the Attachments section press on browse now you need to navigate on your computer to the location of your attachment of the infected files that you have archived press on open to upload here on the forum you need to press on the upload button. Wait till the update is complete.

Kind regards,

Niels