
Help - Please, [Resolved]


  • This topic is locked

#1
JoB

Had the same problem as this guy... I couldn't reply there... please help!!

http://www.geekstogo...amp;pid=1146594

"Hello All,

Sorry if this is not in the correct location.

Today my PC has become infected with something nasty, it has disabled several (all security related) services.

These include AVG antivirus / windows firewall / windows defender / security centre / windows update etc.

You can enable them in services.msc, but will not run properly for example

"C:\Program Files\Grisoft\AVG7\avgw.exe is not a valid Win32 application." is displayed

I've downloaded AVG anti spyware, this installed OK (I think), but when you try to run “Connection to service failed. Please reinstall AVG Anti-Spyware 7.7"

I've downloaded & installed spybot (not used for years) but again "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe is not a valid Win32 application."

I've downloaded & installed HijackThis but again "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe is not a valid Win32 application."

It seems that whatever my pc is infected with is stopping all security related software, other software seems to run OK.

Can anyone suggest any way forward?

Cheers"


Thanks a lot,

Jo


#2
JoB

Did what "Kahdah" said there...

"Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
Save it to the desktop.
Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
You will receive a prompt:

Do you want to skip supplementary searches?
click NO
If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run."

I ended up with this..

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"WindowsWelcomeCenter" = "rundll32.exe oobefldr.dll,ShowWelcomeCenter" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["install"]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"snpstd" = "C:\Windows\vsnpstd.exe" [empty string]
"flockbox" = "C:\Program Files\My Lockbox\flockbox.exe /a" ["FSPro Labs"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{831CBAC0-8283-4653-9D81-FEB9F3F6E47C}\(Default) = "ADSTechnology module"
-> {HKLM...CLSID} = "ADSTechnology Class"
\InProcServer32\(Default) = "C:\Program Files\ADSTechnology\ADSTechnology.dll" [null data]
{86A44EF7-78FC-4e18-A564-B18F806F7F56}\(Default) = "ActivationManager module"
-> {HKLM...CLSID} = "ActivationManager Class"
\InProcServer32\(Default) = "C:\Program Files\ActivationManager\ActivationManager.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
-> {HKLM...CLSID} = "Web Anti-Virus statistics"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"LogonHoursAction" = (REG_DWORD) dword:0x00000002
{unrecognized setting}

"DontDisplayLogonHoursWarnings" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\web\Wallpaper\img24.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\web\Wallpaper\img24.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\Bubbles.scr" [MS]


Startup items in "Jo" & "All Users" startup folders:
----------------------------------------------------

C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Register Genuine Fractals PrintPro 5.0" -> shortcut to: "C:\Program Files\onOne Software\Genuine Fractals\Register Genuine Fractals PrintPro 5.0.exe" ["onOne Software"]


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
"Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Windows\system32\wpclsp.dll [MS], 01 - 08, 23
%SystemRoot%\system32\mswsock.dll [MS], 09 - 22


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisa"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web Anti-Virus statistics"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


HOSTS file
----------

C:\Windows\System32\drivers\etc\HOSTS

maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Browser de computador, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
Serviço de Partilha de Rede do Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
Windows Driver Foundation - User Mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
LIDIL hpzlllhn\Driver = "hpzlllhn.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2008-01-28 16:11:07)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 166 seconds.
---------- (total run time: 238 seconds)

Hope you can help !! :)

Edited by JoB, 28 January 2008 - 10:44 AM.


#3
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello JoB

Welcome to G2Go. :)
=================
Try to uninstall all but one of your antivirus as you currently have 3.
Keep avg and lose the rest:

I do not see any malware in that log.

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
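
An added example (not part of the thread and not Silent Runners' own code): a small parser for the Silent Runners log format posted in #2. It lists the antivirus vendors present at launch points, the entries the tool marked `<<!>>` or `<<H>>`, and the entries whose bracketed company field is `[null data]` or `[empty string]`. The sample lines are copied from that log; the function names and the company-to-product map are assumptions of this example.

```python
import re

# Lines copied from the Silent Runners log in post #2 (an excerpt, not the full log).
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"snpstd" = "C:\Windows\vsnpstd.exe" [empty string]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{831CBAC0-8283-4653-9D81-FEB9F3F6E47C}\(Default) = "ADSTechnology module"
-> {HKLM...CLSID} = "ADSTechnology Class"
\InProcServer32\(Default) = "C:\Program Files\ADSTechnology\ADSTechnology.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll" ["Kaspersky Lab"]
'''

# Company strings as they appear in the log, mapped to product names.
# The mapping is this example's assumption, not something Silent Runners reports.
AV_COMPANIES = {"GRISOFT": "AVG", "ALWIL": "avast!", "Kaspersky Lab": "Kaspersky"}
NO_COMPANY = {"null data", "empty string"}

TITLE_RE = re.compile(r'^-> \{HKLM\.\.\.CLSID\} = (?P<title>.+)$')
TAIL = r'\s+=\s+(?P<data>.+?)(?:\s+\[(?P<pub>[^\]]*)\])?$'
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"' + TAIL)
INPROC_RE = re.compile(r'^\\?InProcServer32\\\(Default\)' + TAIL)
EXECUTABLE_RE = re.compile(r'\.(?:exe|dll|scr|vbs)\b', re.I)


def parse_launch_points(log_text):
    """Return one dict per launch point that names an executable file."""
    entries, key, title, pending_flag = [], None, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        # A registry key header opens a new section and clears carried state.
        if line.startswith(("HKLM\\", "HKCU\\")) and " = " not in line:
            key = line.replace(" {++}", "").rstrip("\\")
            title, pending_flag = None, None
            continue
        # <<!>> / <<H>> may sit on a CLSID header line; carry it to the DLL line.
        if line.startswith(("<<!>>", "<<H>>")):
            pending_flag, line = line[:5], line[5:].lstrip()
        m = TITLE_RE.match(line)
        if m:
            title = m["title"].strip('"')
            continue
        m = INPROC_RE.match(line)
        name = (title or "(no title)") if m else None
        if not m:
            m = VALUE_RE.match(line)
            name = m["name"] if m else None
        # Skip policy values, button texts and other non-executable data.
        if not m or not EXECUTABLE_RE.search(m["data"]):
            continue
        pub = m["pub"]
        entries.append({
            "key": key,
            "name": name,
            "command": m["data"].replace('"', ""),
            "publisher": pub.strip('"') if pub is not None else None,
            "flag": pending_flag,
        })
        title, pending_flag = None, None
    return entries


def triage(entries):
    """Summarise what a helper looks for first in such a log."""
    av = {product
          for e in entries if e["publisher"]
          for company, product in AV_COMPANIES.items()
          if company.lower() in e["publisher"].lower()}
    return {
        "av_products": sorted(av),
        "flagged": [e["name"] for e in entries if e["flag"]],
        "no_company_name": [e["name"] for e in entries
                            if e["publisher"] in NO_COMPANY],
    }


if __name__ == "__main__":
    for field, value in triage(parse_launch_points(SAMPLE_LOG)).items():
        print(f"{field}: {value}")
```

In the full log WinRAR's rarext.dll also carries `[null data]`, so an empty company field is a reason to inspect the file, not a verdict.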


#4
kahdah

Please download Combo-Fix from Here

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5
JoB


Please download Combo-Fix from Here

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Hi again.. tried the combofix but it says something like that the system couldn't find the respective text number 0x2371.. I tried yesterday the kasper scan and it found some virus.. but it didn't give the report text.. gonna do the scan again and will try to post the report soon.. thanks for helping.. :)

#6
kahdah

You are welcome. Try to redownload Combo-fix from the link I gave you; it is a special version designed for this infection.

If it still will not work then let me know.

#7
JoB

Here's the report from Kaspersky..

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 29, 2008 9:42:46 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/01/2008
Kaspersky Anti-Virus database records: 535777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 184675
Number of viruses found: 4
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 06:36:01

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$R92OM7L.zip/Magic RM to MP3 Converter 2.55 (With Crack).exe Infected: Trojan-Downloader.Win32.Bagle.it skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$R92OM7L.zip ZIP: infected - 1 skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe NSIS: infected - 3 skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RQ35LOQ.zip/Speedy RM to MP3 Converter 3.0 [Key+Serial].exe Infected: Trojan-Downloader.Win32.Bagle.it skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RQ35LOQ.zip ZIP: infected - 1 skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\ActivationManager\ActivationManager.dll Infected: not-a-virus:AdWare.Win32.Agent.uj skipped
C:\Program Files\ADSTechnology\ADSTechnology.dll Infected: not-a-virus:AdWare.Win32.Agent.uj skipped
C:\Program Files\ADSTechnology\ADSTechnology.exe Infected: not-a-virus:AdWare.Win32.Agent.uj skipped
C:\Users\Jo\Downloads\Magic RM to MP3 Converter 2.55 (With Crack)\Magic RM to MP3 Converter 2.55 (With Crack).exe Infected: Trojan-Downloader.Win32.Bagle.it skipped
C:\Users\Jo\Downloads\Speedy RM to MP3 Converter 3.0 [Key+Serial]\Speedy RM to MP3 Converter 3.0 [Key+Serial].exe Infected: Trojan-Downloader.Win32.Bagle.it skipped
C:\Users\joana\AppData\Local\Temp\1C2A.tmp/data0005 Infected: not-a-virus:AdWare.Win32.Agent.uj skipped
C:\Users\joana\AppData\Local\Temp\1C2A.tmp NSIS: infected - 1 skipped
C:\Windows\System32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

Scan process completed.
  • 0
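A report like the one pasted above is easier to act on once the "Object is locked" lines are separated from the detections. The following is an added example, not part of the original thread and not Kaspersky's own tooling: the function names, the wrapped-line handling and the rule that any action other than `skipped` counts as handled are assumptions, and the sample reuses detection lines from the log above plus one constructed wrapped record.

```python
import re
from collections import defaultdict

# Sample input: detection lines copied from the log in this thread, one locked
# line, and one CONSTRUCTED record wrapped across three physical lines.
SAMPLE_REPORT = r"""C:\Program Files\ADSTechnology\ADSTechnology.dll Infected: not-a-virus:AdWare.Win32.Agent.uj skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Users\Jo\AppData\Local\Temp\example;tpc=video
;tpc=sound;ord=1234
5678[1].5 Object is locked skipped
C:\Users\Jo\Downloads\Magic RM to MP3 Converter 2.55 (With Crack)\Magic RM to MP3 Converter 2.55 (With Crack).exe Infected: Trojan-Downloader.Win32.Bagle.it skipped
C:\Users\joana\AppData\Local\Temp\1C2A.tmp/data0005 Infected: not-a-virus:AdWare.Win32.Agent.uj skipped
C:\Users\joana\AppData\Local\Temp\1C2A.tmp NSIS: infected - 1 skipped
C:\Windows\System32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

Scan process completed.
"""

PATH_START = re.compile(r"^[A-Za-z]:\\")
# <path> <status> <action>; the path may contain spaces, so it is matched lazily
# and the status alternatives anchor the end of the record.
RECORD = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<container>\w+): infected - (?P<members>\d+))"
    r" (?P<action>\w+)\s*$"
)


def parse_report(text):
    """Return (records, unparsed). Wrapped records are re-joined before matching."""
    records, unparsed, pending = [], [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        starts_path = bool(PATH_START.match(line))
        if starts_path and pending:          # previous record never completed
            unparsed.append("".join(pending))
            pending = []
        if not starts_path and not pending:  # header or trailer text, not a record
            unparsed.append(line.strip())
            continue
        pending.append(line)
        m = RECORD.match("".join(pending))   # wraps break mid-token: join with no separator
        if m:
            status = "locked" if m["locked"] else "infected" if m["verdict"] else "container"
            records.append({"path": m["path"], "status": status,
                            "verdict": m["verdict"], "action": m["action"]})
            pending = []
    if pending:
        unparsed.append("".join(pending))
    return records, unparsed


def triage(records):
    """Count locked files and group detections by the file that exists on disk."""
    findings, unresolved, locked = defaultdict(set), set(), 0
    for rec in records:
        if rec["status"] == "locked":
            locked += 1                      # file was in use, so it could not be opened for scanning
        elif rec["status"] == "infected":
            # Archive members appear as container/member; the container is the file to act on.
            on_disk = rec["path"].split("/", 1)[0]
            findings[on_disk].add(rec["verdict"])
            if rec["action"] == "skipped":   # assumption: any other action means it was handled
                unresolved.add(on_disk)
    return {"locked": locked,
            "findings": {p: sorted(v) for p, v in findings.items()},
            "unresolved": sorted(unresolved)}


if __name__ == "__main__":
    recs, rest = parse_report(SAMPLE_REPORT)
    summary = triage(recs)
    print(f"{summary['locked']} locked, {len(summary['findings'])} files with detections")
    for path in summary["unresolved"]:
        print("still on disk:", path, summary["findings"][path])
```

Every detection in the sample carries the action `skipped`, so all four files appear under `unresolved`: the scan reported them but removed nothing.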

#8
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ComboFix from Here to your Desktop.


Very important: when you are asked to save this file, save it as Combo-fix (note the - in between the Combo and fix). This is extremely important.
If you do not do this, then this infection will stop combofix from running.


After you download it
  • Close any open browsers.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. >"C:\ComboFix.txt"
  • Post that log here in your next reply.

  • 0

#9
JoB


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Please download ComboFix from Here to your Desktop.


Very important: when you are asked to save this file, save it as Combo-fix (note the - in between the Combo and fix). This is extremely important.
If you do not do this, then this infection will stop combofix from running.


After you download it

  • Close any open browsers.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. >"C:\ComboFix.txt"
  • Post that log here in your next reply.


Oh, got it now.. have to put a "-" between the words combo and fix... ok, yeah it did happen when I just saved it normally.. it didn't let it run. Gonna try it.. it did open this time but the blue box says that the system couldn't the respective text and talks about some message number 0x2371...

Edited by JoB, 30 January 2008 - 08:58 AM.

  • 0

#10
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go to Start>Search type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as Save1.bat on your Desktop.
@Echo off
sc stop "srosa"
sc delete "srosa"
exit
Don't do anything with this yet we will in a minute.
=============
Same as before go to Start>Search type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as Save2.bat on your Desktop.
@Echo off
attrib -s -r -h "C:\Users\joana\AppData\Local\Temp\1C2A.tmp"
del /q "C:\Users\joana\AppData\Local\Temp\1C2A.tmp"
attrib -s -r -h "C:\Windows\System32\mdelk.exe"
del /q "C:\Windows\System32\mdelk.exe"
attrib -s -r -h "C:\WINDOWS\system32\drivers\srosa.sys"
del /q "C:\WINDOWS\system32\drivers\srosa.sys"
attrib -s -r -h "C:\WINDOWS\system32\drivers\hldrrr.exe"
del /q "C:\WINDOWS\system32\drivers\hldrrr.exe"
attrib -s -r -h "C:\WINDOWS\system32\drivers\down*.*"
rd /q /s "C:\WINDOWS\system32\drivers\down"
attrib -s -r -h "C:\Program Files\ActivationManager*.*"
rd /q /s "C:\Program Files\ActivationManager"
attrib -s -r -h "C:\Program Files\ADSTechnology*.*"
rd /q /s "C:\Program Files\ADSTechnology"
attrib -s -r -h "C:\Users\Jo\Downloads\Magic RM to MP3 Converter 2.55 (With Crack)*.*"
rd /q /s "C:\Users\Jo\Downloads\Magic RM to MP3 Converter 2.55 (With Crack)"
attrib -s -r -h "C:\Users\Jo\Downloads\Speedy RM to MP3 Converter 3.0 [Key+Serial]*.*"
rd /q /s "C:\Users\Jo\Downloads\Speedy RM to MP3 Converter 3.0 [Key+Serial]"
exit
Again don't do anything with this yet.
Just save it to your desktop.
========================================
Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Right click on Save1.bat and choose Run as administrator.
A window will open and close quickly. This is normal.
Then immediately do the same with Save2.bat.

(Note if you cannot boot into safe mode then reboot into normal mode and try it from there.)
=====================================
After that, reboot and then please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Let me know how it goes.
  • 0



#11
JoB

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Just created the files but when I started in safe mode..the files weren't on the desktop..tried to run them in normal mode but after I clicked run as admin the system rebooted itself..a full blue screen appeared talking about some crash for 1 second and then just rebooted...do you want me to do the 2nd pass without doing this?..please let me know what you think..Thanks :)
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Save the files to your C:\ drive or somewhere that you can find them, just not the desktop.
Then reboot into safe mode and try to do it again.
Instead of running as admin, try to just double-click on each file like a normal application.
Let me know what happens.

After that, try Deckard's System Scanner.

Edited by kahdah, 30 January 2008 - 09:04 PM.

  • 0

#13
JoB

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Just saved it in C: and started it in safe mode..only clicked on the first one, it was supposed to click on the 2 or that's ok..?..I saw that rapid black window..rebooted in normal mode and did the Deckard scan..here's the logs..

Deckard's System Scanner v20071014.68
Run by Jo on 2008-01-31 12:34:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
18: 2008-01-30 23:38:15 UTC - RP108 - Ponto de Verificação Agendado
17: 2008-01-28 15:52:46 UTC - RP107 - Installed Kaspersky Anti-Virus 7.0.
16: 2008-01-27 03:53:53 UTC - RP106 - Installed FaceGen Modeller
15: 2008-01-27 03:53:06 UTC - RP104 - Removed FaceGen Modeller
14: 2008-01-27 03:50:22 UTC - RP102 - Configured AVG 7.5


-- First Restore Point --
1: 2008-01-17 15:05:56 UTC - RP87 - Ponto de Verificação Agendado


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-31 12:36:34
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\vsnpstd.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Jo\Desktop\dss.exe
C:\Windows\System32\conime.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O15 - Trusted Zone: http://good-times.webshots.com (HKCU)
O16 - DPF: ServerPushBox () - http://www.turismodo...ort/servp14.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


--
End of file - 8739 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 srosa (Megadrv3) - \??\c:\windows\system32\drivers\srosa.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-12-31 and 2008-01-31 -----------------------------

2008-01-31 12:33:56 686630 --a------ C:\dss.exe
2008-01-31 12:19:40 1063 --a------ C:\Save2.bat
2008-01-31 12:19:40 51 --a------ C:\Save1.bat
2008-01-30 14:55:02 0 d-------- C:\Combo-Fix
2008-01-29 15:38:54 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-01-28 17:54:59 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-01-28 15:54:12 91492 --a------ C:\Windows\system32\drivers\klin.dat
2008-01-28 15:54:12 85860 --a------ C:\Windows\system32\drivers\klick.dat
2008-01-28 15:53:22 41240608 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-01-28 15:53:22 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-01-28 15:53:22 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-28 15:52:16 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-01-28 15:49:59 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-27 04:07:19 0 d-------- C:\Program Files\MediaCoder Audio Edition
2008-01-27 03:55:43 52224 --a------ C:\Windows\system32\Crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
2008-01-27 03:55:43 24608 --a------ C:\Windows\system32\Ckldrv.sys
2008-01-27 03:55:43 27648 -ra------ C:\Windows\Setup_ck.exe
2008-01-27 03:55:43 18432 --a------ C:\Windows\Setup_ck.dll
2008-01-27 03:55:43 11776 --a------ C:\Windows\Ckrfresh.exe
2008-01-27 03:55:43 165888 --a------ C:\Windows\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
2008-01-27 03:47:35 0 d-------- C:\Program Files\Easy RM to MP3 Converter
2008-01-27 03:08:44 71172 --a------ C:\Windows\system32\mdelk.exe
2008-01-27 02:31:54 164352 --a------ C:\Windows\system32\unrar.dll
2008-01-27 02:31:53 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-01-27 02:31:53 1559040 --a------ C:\Windows\system32\xvidcore.dll
2008-01-27 02:31:52 282624 --a------ C:\Windows\system32\xvidvfw.dll
2008-01-27 02:31:52 682496 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-27 02:31:51 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-01-27 02:31:51 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-01-27 01:18:24 0 d-------- C:\Program Files\RM to MP3 Converter
2008-01-26 14:09:37 0 d--h----- C:\Windows\msdownld.tmp
2008-01-26 14:09:34 0 d-------- C:\Windows\system32\directx
2008-01-26 12:02:40 0 d-------- C:\Program Files\Free RM to MP3 Converter
2008-01-26 12:01:14 0 d-------- C:\Program Files\Real Alternative
2008-01-26 12:01:09 0 d-------- C:\Program Files\Magic RM to MP3 Converter
2008-01-04 15:21:21 0 d-------- C:\Program Files\Alwil Software
2008-01-04 14:36:54 0 dr------- C:\Users\Jani\Searches
2008-01-04 14:36:44 0 dr------- C:\Users\Jani\Contacts
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Videos
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\SendTo
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Saved Games
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Recent
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\PrintHood
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Pictures
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Os meus documentos
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\NetHood
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Music
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Modelos
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Menu Iniciar
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Links
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Favorites
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Downloads
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Documents
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Desktop
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Definições locais
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Cookies
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Application Data
2008-01-04 14:36:37 0 d--h----- C:\Users\Jani\AppData
2008-01-04 14:36:36 1310720 --ahs---- C:\Users\Jani\NTUSER.DAT
2008-01-04 11:15:39 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-02 08:08:43 0 d-------- C:\Program Files\WinMX
2007-12-31 06:37:25 0 d-------- C:\Users\All Users\TEMP
2007-12-31 06:37:15 45056 --a------ C:\Windows\system32\Wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-12-31 06:37:15 16877 --a------ C:\Windows\system32\drivers\Aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-12-31 06:37:15 3535 --a------ C:\Windows\system\Wowpost.exe
2007-12-31 06:37:15 4455 --a------ C:\Windows\system\Winaspi.dll
2007-12-31 06:37:10 0 d-------- C:\Program Files\AoA DVD Ripper
2007-12-31 05:27:01 227840 --a------ C:\Windows\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2007-12-31 05:27:00 0 d-------- C:\Program Files\onOne Software
2007-12-31 01:39:01 0 d-------- C:\Program Files\XviD
2007-12-31 01:38:44 120320 --a------ C:\Windows\system32\apexchanger.exe
2007-12-31 01:38:44 109568 --a------ C:\Windows\system32\apex3gp.exe
2007-12-31 01:38:43 312320 --a------ C:\Windows\system32\NCTVideoView.dll <Not Verified; Online Media Technologies Ltd.; NCTVideoView ActiveX DLL>
2007-12-31 01:38:43 188416 --a------ C:\Windows\system32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2007-12-31 01:38:43 495104 --a------ C:\Windows\system32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2007-12-31 01:38:43 780288 --a------ C:\Windows\system32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2007-12-31 01:38:43 764416 --a------ C:\Windows\system32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2007-12-31 01:38:43 249856 --a------ C:\Windows\system32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2007-12-31 01:38:43 626688 --a------ C:\Windows\system32\NCTImageFile.dll <Not Verified; Online Media Technologies Ltd.; NCTImageFile ActiveX DLL>
2007-12-31 01:38:43 382464 --a------ C:\Windows\system32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2007-12-31 01:38:43 90112 --a------ C:\Windows\system32\NCTAudioFormatSettings3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2007-12-31 01:38:43 2846720 --a------ C:\Windows\system32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2007-12-31 01:38:43 61440 --a------ C:\Windows\system32\cygz.dll
2007-12-31 01:38:43 1295582 --a------ C:\Windows\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2007-12-31 01:38:43 3138048 --a------ C:\Windows\system32\apexxbox.exe
2007-12-31 01:38:43 398798 --a------ C:\Windows\system32\apexpmp.exe <Not Verified; IndigoSTAR Software; IndigoPerl>
2007-12-31 01:38:43 4755968 --a------ C:\Windows\system32\apexconverter.exe
2007-12-31 01:38:43 86016 --a------ C:\Windows\system32\AddiTunes.exe
2007-12-31 01:38:42 215552 --a------ C:\Windows\system32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2007-12-31 01:38:42 778240 --a------ C:\Windows\system32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2007-12-31 01:38:42 237568 --a------ C:\Windows\system32\lame_enc.dll
2007-12-31 01:38:41 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-12-31 01:38:41 147456 --a------ C:\Windows\system32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2007-12-31 01:38:41 139264 --a------ C:\Windows\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2007-12-31 01:38:41 0 d-------- C:\Windows\system32\RMBin
2007-12-31 01:38:40 0 d-------- C:\Program Files\Apex
2007-12-31 01:38:40 0 d-------- C:\Apex


-- Find3M Report ---------------------------------------------------------------

2008-01-29 14:08:42 0 d-------- C:\Users\Jo\AppData\Roaming\Adobe
2008-01-28 18:26:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-27 03:56:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-27 03:53:59 114688 --a------ C:\Windows\system32\wmatimer.dll
2008-01-27 03:47:47 0 d-------- C:\Users\Jo\AppData\Roaming\Real
2008-01-27 03:47:00 0 d-------- C:\Program Files\Singular Inversions
2008-01-27 03:46:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-27 02:45:57 0 d-------- C:\Program Files\Winamp
2008-01-27 02:39:53 0 d-------- C:\Program Files\WM Recorder 10
2008-01-27 02:30:18 0 d-------- C:\Program Files\DivX
2008-01-26 08:58:24 0 d-------- C:\Program Files\WMR11
2008-01-26 08:00:04 0 d-------- C:\Users\Jo\AppData\Roaming\AVG7
2008-01-23 02:29:11 520986 --a------ C:\Windows\system32\prfh0816.dat
2008-01-23 02:29:11 86310 --a------ C:\Windows\system32\prfc0816.dat
2008-01-16 18:07:51 0 d-------- C:\Users\Jo\AppData\Roaming\LimeWire
2008-01-10 03:20:36 0 d-------- C:\Program Files\Windows Mail
2008-01-10 03:20:35 0 d-------- C:\Program Files\Windows Sidebar
2008-01-05 05:09:03 0 d-------- C:\Users\Jo\AppData\Roaming\Google
2008-01-04 10:46:34 0 d-------- C:\Users\Jo\AppData\Roaming\PeerNetworking
2008-01-02 06:41:34 0 d-------- C:\Program Files\WinPcap
2007-12-30 05:41:34 0 d-------- C:\Users\Jo\AppData\Roaming\BitTorrent
2007-12-30 05:41:30 0 d-------- C:\Users\Jo\AppData\Roaming\uTorrent
2007-12-30 03:28:08 0 d-------- C:\Program Files\AV Vcs 4.0 DIAMOND
2007-12-29 22:48:51 0 d-------- C:\Program Files\BitComet
2007-12-29 05:12:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-12-29 04:41:14 0 d-------- C:\Users\Jo\AppData\Roaming\GeoVid
2007-12-29 03:44:21 0 d-------- C:\Users\Jo\AppData\Roaming\DivX
2007-12-29 03:42:46 0 d-------- C:\Program Files\NeXus RV10 & MKV Filtres
2007-12-29 03:34:40 0 d-------- C:\Users\Jo\AppData\Roaming\Ahead
2007-12-26 07:51:59 0 d-------- C:\Users\Jo\AppData\Roaming\Media Player Classic
2007-12-26 07:51:09 0 d-------- C:\Users\Jo\AppData\Roaming\vlc
2007-12-26 05:16:50 0 d-------- C:\Users\Jo\AppData\Roaming\WinRAR
2007-12-26 04:23:56 0 d-------- C:\Users\Jo\AppData\Roaming\Winamp
2007-12-26 00:55:46 0 d-------- C:\Users\Jo\AppData\Roaming\Macromedia
2007-12-25 03:28:28 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-25 02:46:11 0 d-------- C:\Program Files\Google
2007-12-23 06:26:10 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-23 06:26:06 0 d-------- C:\Program Files\Common Files
2007-12-23 04:08:05 0 d-------- C:\Program Files\eMule
2007-12-23 02:37:28 0 d-------- C:\Program Files\LimeWire
2007-12-23 02:37:20 0 d-------- C:\Program Files\Java
2007-12-23 02:36:16 0 d-------- C:\Program Files\Common Files\Java
2007-12-23 01:49:56 0 d-------- C:\Program Files\My Lockbox
2007-12-23 00:24:04 0 d-------- C:\Program Files\WinDirStat
2007-12-22 22:43:16 0 d-------- C:\Program Files\PC Wizard 2008
2007-12-15 23:37:51 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-12-15 01:36:59 0 d-------- C:\Program Files\Kjofol
2007-12-12 04:03:25 0 d-------- C:\Program Files\VideoLAN
2007-12-11 22:33:14 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-10 04:11:36 0 d-------- C:\Program Files\GeoVid
2007-12-03 02:37:05 0 d-------- C:\Program Files\Riva
2007-12-03 02:13:53 0 d-------- C:\Program Files\BitTorrent
2007-12-02 03:40:58 0 d-------- C:\Program Files\uTorrent
2007-12-01 05:29:05 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-01 04:21:51 0 d-------- C:\Program Files\ActivationManager
2007-12-01 04:21:50 0 d-------- C:\Program Files\ADSTechnology
2007-11-29 23:30:28 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-11-29 23:28:24 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-24 01:47:13 413184 --a------ C:\Windows\system32\paintball.scr
2007-11-24 01:47:13 35 --a------ C:\Windows\brassi.dat
2007-11-21 20:07:40 174 --ahs---- C:\Program Files\desktop.ini
2007-11-16 17:43:23 268435456 --ahs---- C:\WinPEpge.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 20:01]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-04 06:10]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-04 06:10]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-04 06:10]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2004-10-14 08:08]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 07:51 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-13 07:36 C:\Windows\SkyTel.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 12:33]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-24 18:15]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 20:54]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-04-17 23:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 15:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-31 12:33]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-01-31 12:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:34]

C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-11-21 20:19 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-31 12:37:50 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: Portuguese

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2037.63 MiB / 1329.54 MiB
Pagefile Memory (total/avail): 4293.72 MiB / 3467.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.55 MiB

C: is Fixed (NTFS) - 465.76 GiB total, 299.41 GiB free.
D: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00YGA0 ATA Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:

\\.\PHYSICALDRIVE1 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jo\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JO-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jo
LOCALAPPDATA=C:\Users\Jo\AppData\Local
LOGONSERVER=\\JO-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Jo\AppData\Local\Temp
TMP=C:\Users\Jo\AppData\Local\Temp
USERDOMAIN=Jo-PC
USERNAME=Jo
USERPROFILE=C:\Users\Jo
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Jo (admin)
Jani
Convidado.Jo-PC.000 (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AoA DVD Ripper --> "C:\Program Files\AoA DVD Ripper\unins000.exe"
Apex Video Converter Super 6.12 --> "C:\Program Files\Apex\Apex Video Converter Super\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arquivo do WinRAR --> C:\Program Files\WinRAR\uninstall.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AV Voice Changer Software DIAMOND 4.0 --> C:\PROGRA~1\AVVCS4~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS4~1.0DI\INSTALL.LOG
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy RM to MP3 Converter 1.59.20 --> "C:\Program Files\Easy RM to MP3 Converter\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
FaceGen Modeller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5455CB33-E3FF-4E71-9FAD-0D5DCA2686B7}
Free RM to MP3 Converter 1.12 --> "C:\Program Files\Free RM to MP3 Converter\unins000.exe"
Free Video to Mp3 Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Genuine Fractals 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Hearing Range Checker --> MsiExec.exe /I{00808BAC-1C52-4D9E-B6D4-93EC47A4D579}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Jöfol 2000 --> C:\PROGRA~1\Kjofol\UNWISE.EXE C:\PROGRA~1\Kjofol\INSTALL.LOG
K-Lite Mega Codec Pack 3.7.0 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic RM RAM to MP3 Converter 3.5 --> "C:\Program Files\Magic RM to MP3 Converter\unins000.exe"
MediaCoder Audio Edition 0.6.1 --> C:\Program Files\MediaCoder Audio Edition\uninst.exe
Microsoft Office Access MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0015-0816-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0016-0816-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001A-0816-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0018-0816-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-002C-0816-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0019-0816-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-006E-0816-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001B-0816-0000-0000000FF1CE}
My Lockbox 1.1 for Windows 2000/XP --> "C:\Program Files\My Lockbox\unins000.exe"
Nero 7 Essentials --> MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91642070}
PC Wizard 2008.1.81 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Real Alternative 1.60 Lite --> "C:\Program Files\Real Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x816 -removeonly
Riva FLV Player --> "C:\Program Files\Riva\Riva FLV Player\unins000.exe"
RM to MP3 Converter 1.48 --> "C:\Program Files\RM to MP3 Converter\unins000.exe"
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sweet Home 3D version 1.2 --> "C:\Program Files\Sweet Home 3D\unins000.exe"
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VideoAvatar --> "C:\Program Files\GeoVid\Video Avatar\unins000.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
WinDirStat 1.1.2 --> "C:\Program Files\WinDirStat\Uninstall.exe"
Windows Live installer --> MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}
Windows Live Messenger --> MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}
WinMX --> C:\Program Files\WinMX\uninstall.exe
WinPcap 3.1 beta3 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WM Recorder + RM Recorder 10.1 --> C:\Windows\iun6002.exe "C:\Program Files\WM Recorder 10\irunin.ini"
WM Recorder 11.3 --> C:\Program Files\WMR11\Uninstal.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5263 / Success
Event Submitted/Written: 01/31/2008 00:32:08 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type5262 / Success
Event Submitted/Written: 01/31/2008 00:32:08 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type5260 / Success
Event Submitted/Written: 01/31/2008 00:32:02 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
O serviço de Licenciamento de Software foi iniciado.

Event Record #/Type5248 / Success
Event Submitted/Written: 01/31/2008 00:24:22 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type5247 / Success
Event Submitted/Written: 01/31/2008 00:24:21 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type30390 / Error
Event Submitted/Written: 01/31/2008 00:32:09 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Kaspersky Anti-Virus 7.0%%193

Event Record #/Type30389 / Error
Event Submitted/Written: 01/31/2008 00:32:09 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
AVG7 Resident Shield Service%%193

Event Record #/Type30353 / Error
Event Submitted/Written: 01/31/2008 00:31:59 PM
Event ID/Source: 6008 / EventLog
Event Description:
O anterior encerramento do sistema, 31-01-2008 às 12:29:08, foi inesperado.

Event Record #/Type30331 / Error
Event Submitted/Written: 01/31/2008 00:22:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Event Record #/Type30330 / Error
Event Submitted/Written: 01/31/2008 00:22:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-01-31 12:37:50 ------------
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I will need you to reboot back into safe mode again and run the save2.bat, then reboot into normal mode and then run Deckard system scanner again.
  • 0

#15
JoB

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here it is...only gave 1 log this time....

Deckard's System Scanner v20071014.68
Run by Jo on 2008-02-01 16:51:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-01 16:52:22
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\vsnpstd.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Windows\System32\conime.exe
C:\Users\Jo\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O15 - Trusted Zone: http://good-times.webshots.com (HKCU)
O16 - DPF: ServerPushBox () - http://www.turismodo...ort/servp14.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


--
End of file - 8788 bytes

-- Files created between 2008-01-01 and 2008-02-01 -----------------------------

2008-02-01 16:46:37 71172 --a------ C:\Windows\system32\mdelk.exe
2008-01-31 12:33:56 686630 --a------ C:\dss.exe
2008-01-31 12:19:40 1063 --a------ C:\Save2.bat
2008-01-31 12:19:40 51 --a------ C:\Save1.bat
2008-01-30 14:55:02 0 d-------- C:\Combo-Fix
2008-01-29 15:38:54 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-01-28 17:54:59 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-01-28 15:54:12 91492 --a------ C:\Windows\system32\drivers\klin.dat
2008-01-28 15:54:12 85860 --a------ C:\Windows\system32\drivers\klick.dat
2008-01-28 15:53:22 43444256 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-01-28 15:53:22 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-01-28 15:53:22 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-28 15:52:16 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-01-28 15:49:59 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-27 04:07:19 0 d-------- C:\Program Files\MediaCoder Audio Edition
2008-01-27 03:55:43 52224 --a------ C:\Windows\system32\Crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
2008-01-27 03:55:43 24608 --a------ C:\Windows\system32\Ckldrv.sys
2008-01-27 03:55:43 27648 -ra------ C:\Windows\Setup_ck.exe
2008-01-27 03:55:43 18432 --a------ C:\Windows\Setup_ck.dll
2008-01-27 03:55:43 11776 --a------ C:\Windows\Ckrfresh.exe
2008-01-27 03:55:43 165888 --a------ C:\Windows\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
2008-01-27 03:47:35 0 d-------- C:\Program Files\Easy RM to MP3 Converter
2008-01-27 02:31:54 164352 --a------ C:\Windows\system32\unrar.dll
2008-01-27 02:31:53 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-01-27 02:31:53 1559040 --a------ C:\Windows\system32\xvidcore.dll
2008-01-27 02:31:52 282624 --a------ C:\Windows\system32\xvidvfw.dll
2008-01-27 02:31:52 682496 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-27 02:31:51 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-01-27 02:31:51 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-01-27 01:18:24 0 d-------- C:\Program Files\RM to MP3 Converter
2008-01-26 14:09:37 0 d--h----- C:\Windows\msdownld.tmp
2008-01-26 14:09:34 0 d-------- C:\Windows\system32\directx
2008-01-26 12:02:40 0 d-------- C:\Program Files\Free RM to MP3 Converter
2008-01-26 12:01:14 0 d-------- C:\Program Files\Real Alternative
2008-01-26 12:01:09 0 d-------- C:\Program Files\Magic RM to MP3 Converter
2008-01-04 15:21:21 0 d-------- C:\Program Files\Alwil Software
2008-01-04 14:36:54 0 dr------- C:\Users\Jani\Searches
2008-01-04 14:36:44 0 dr------- C:\Users\Jani\Contacts
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Videos
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\SendTo
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Saved Games
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Recent
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\PrintHood
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Pictures
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Os meus documentos
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\NetHood
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Music
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Modelos
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Menu Iniciar
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Links
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Favorites
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Downloads
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Documents
2008-01-04 14:36:37 0 dr------- C:\Users\Jani\Desktop
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Definições locais
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Cookies
2008-01-04 14:36:37 0 d--hs---- C:\Users\Jani\Application Data
2008-01-04 14:36:37 0 d--h----- C:\Users\Jani\AppData
2008-01-04 14:36:36 1310720 --ahs---- C:\Users\Jani\NTUSER.DAT
2008-01-04 11:15:39 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-02 08:08:43 0 d-------- C:\Program Files\WinMX


-- Find3M Report ---------------------------------------------------------------

2008-01-29 14:08:42 0 d-------- C:\Users\Jo\AppData\Roaming\Adobe
2008-01-28 18:26:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-27 03:56:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-27 03:53:59 114688 --a------ C:\Windows\system32\wmatimer.dll
2008-01-27 03:47:47 0 d-------- C:\Users\Jo\AppData\Roaming\Real
2008-01-27 03:47:00 0 d-------- C:\Program Files\Singular Inversions
2008-01-27 03:46:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-27 02:45:57 0 d-------- C:\Program Files\Winamp
2008-01-27 02:39:53 0 d-------- C:\Program Files\WM Recorder 10
2008-01-27 02:30:18 0 d-------- C:\Program Files\DivX
2008-01-26 08:58:24 0 d-------- C:\Program Files\WMR11
2008-01-26 08:00:04 0 d-------- C:\Users\Jo\AppData\Roaming\AVG7
2008-01-23 02:29:11 520986 --a------ C:\Windows\system32\prfh0816.dat
2008-01-23 02:29:11 86310 --a------ C:\Windows\system32\prfc0816.dat
2008-01-16 18:07:51 0 d-------- C:\Users\Jo\AppData\Roaming\LimeWire
2008-01-10 03:20:36 0 d-------- C:\Program Files\Windows Mail
2008-01-10 03:20:35 0 d-------- C:\Program Files\Windows Sidebar
2008-01-05 05:09:03 0 d-------- C:\Users\Jo\AppData\Roaming\Google
2008-01-04 10:46:34 0 d-------- C:\Users\Jo\AppData\Roaming\PeerNetworking
2008-01-02 06:41:34 0 d-------- C:\Program Files\WinPcap
2007-12-31 06:39:51 0 d-------- C:\Program Files\AoA DVD Ripper
2007-12-31 06:37:12 0 d-------- C:\Program Files\XviD
2007-12-31 05:27:00 0 d-------- C:\Program Files\onOne Software
2007-12-31 01:38:40 0 d-------- C:\Program Files\Apex
2007-12-30 05:41:34 0 d-------- C:\Users\Jo\AppData\Roaming\BitTorrent
2007-12-30 05:41:30 0 d-------- C:\Users\Jo\AppData\Roaming\uTorrent
2007-12-30 03:28:08 0 d-------- C:\Program Files\AV Vcs 4.0 DIAMOND
2007-12-29 22:48:51 0 d-------- C:\Program Files\BitComet
2007-12-29 05:12:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-12-29 04:41:14 0 d-------- C:\Users\Jo\AppData\Roaming\GeoVid
2007-12-29 03:44:21 0 d-------- C:\Users\Jo\AppData\Roaming\DivX
2007-12-29 03:42:46 0 d-------- C:\Program Files\NeXus RV10 & MKV Filtres
2007-12-29 03:34:40 0 d-------- C:\Users\Jo\AppData\Roaming\Ahead
2007-12-26 07:51:59 0 d-------- C:\Users\Jo\AppData\Roaming\Media Player Classic
2007-12-26 07:51:09 0 d-------- C:\Users\Jo\AppData\Roaming\vlc
2007-12-26 05:16:50 0 d-------- C:\Users\Jo\AppData\Roaming\WinRAR
2007-12-26 04:23:56 0 d-------- C:\Users\Jo\AppData\Roaming\Winamp
2007-12-26 00:55:46 0 d-------- C:\Users\Jo\AppData\Roaming\Macromedia
2007-12-25 03:28:28 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-25 02:46:11 0 d-------- C:\Program Files\Google
2007-12-23 06:26:10 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-23 06:26:06 0 d-------- C:\Program Files\Common Files
2007-12-23 04:08:05 0 d-------- C:\Program Files\eMule
2007-12-23 02:37:28 0 d-------- C:\Program Files\LimeWire
2007-12-23 02:37:20 0 d-------- C:\Program Files\Java
2007-12-23 02:36:16 0 d-------- C:\Program Files\Common Files\Java
2007-12-23 01:49:56 0 d-------- C:\Program Files\My Lockbox
2007-12-23 00:24:04 0 d-------- C:\Program Files\WinDirStat
2007-12-22 22:43:16 0 d-------- C:\Program Files\PC Wizard 2008
2007-12-15 23:37:51 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2007-12-15 01:36:59 0 d-------- C:\Program Files\Kjofol
2007-12-12 04:03:25 0 d-------- C:\Program Files\VideoLAN
2007-12-11 22:33:14 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-10 04:11:36 0 d-------- C:\Program Files\GeoVid
2007-12-03 02:37:05 0 d-------- C:\Program Files\Riva
2007-12-03 02:13:53 0 d-------- C:\Program Files\BitTorrent
2007-12-02 03:40:58 0 d-------- C:\Program Files\uTorrent
2007-12-01 05:29:05 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-29 23:30:28 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-11-29 23:28:24 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-24 01:47:13 413184 --a------ C:\Windows\system32\paintball.scr
2007-11-24 01:47:13 35 --a------ C:\Windows\brassi.dat
2007-11-21 20:07:40 174 --ahs---- C:\Program Files\desktop.ini
2007-11-16 17:43:23 268435456 --ahs---- C:\WinPEpge.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 20:01]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-04 06:10]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-04 06:10]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-04 06:10]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2004-10-14 08:08]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 07:51 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-13 07:36 C:\Windows\SkyTel.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-01 16:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-24 18:15]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 20:54]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-04-17 23:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 15:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-01 16:48]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-01 16:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:34]

C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-11-21 20:19 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-01 16:53:04 ------------