Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

RunDLL Errors: xxyARihh.dll; byXPJAtu.dll [CLOSED]

Started by papaguy1980 , Jul 11 2008 09:17 PM

This topic is locked

#1
papaguy1980

Posted 11 July 2008 - 09:17 PM

New Member

Member
7 posts

Any help would be greatly appreciated! Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:56, on 12/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Danny\AppData\Local\Temp\byXPJAtU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Danny\AppData\Local\Temp\xxyARihh.dll,c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.../ActiveX/ax.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 10942 bytes

#2
Rorschach112

Posted 12 July 2008 - 06:36 AM

Ralphie

Retired Staff
47,710 posts

Hello

Please download Runscanner to your desktop and run it.

When the first page comes up select Beginner Mode
On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here. If the forum doesn't let you upload it then please zip the .run file by right clicking and selecting send to Zip file

Then upload that as an attachment in your next post (you may have to zip the .run file to upload it here).

#3
papaguy1980

Posted 12 July 2008 - 07:04 AM

New Member

Topic Starter
Member
7 posts

Have I done it right?

Attached Files

Select_a_name.zip 110.15KB 99 downloads

#4
Rorschach112

Posted 12 July 2008 - 07:15 AM

Ralphie

Retired Staff
47,710 posts

Hello

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

Unzip it to your desktop then double click the runscanner icon this will run the program.
You will notice several entries in red.
Click the button at the top called Fix selected items
Accept the warning(s) and repeat until they are all gone.
Reboot your PC

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#5
papaguy1980

Posted 12 July 2008 - 07:54 AM

New Member

Topic Starter
Member
7 posts

OK. Thanks for this. The errors have stopped on start-up. Here's the next bit.....

Deckard's System Scanner v20071014.68
Run by Danny on 2008-07-12 22:41:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-07-11 16:47:44 UTC - RP359 - Windows Update
3: 2008-07-11 07:01:57 UTC - RP358 - Scheduled Checkpoint
2: 2008-07-10 08:10:14 UTC - RP357 - Windows Update
1: 2008-07-10 02:24:25 UTC - RP356 - Windows Update

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Danny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:18, on 12/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Users\Danny\Downloads\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9544 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Hotkey - c:\windows\system32\drivers\hotkey.sys

S3 flash - \??\c:\windows\system32\drivers\flash.sys
S3 ZSMC211 (CMS-V23) - c:\windows\system32\drivers\zs211.sys <Not Verified; VM; ZS211.sys>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic>
R3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0021
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0021
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0024
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0024
Service: tunnel

-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 22:40:23 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{88EE94D1-9972-4330-8DE5-F1FD8DB722A2}.job
2008-01-29 10:20:29 254 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 13:30:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-12 11:50:32 0 d-------- C:\Program Files\Trend Micro
2008-07-11 21:14:58 0 d-------- C:\Program Files\Free Window Registry Repair
2008-07-11 21:05:30 0 d-------- C:\Program Files\RegCure
2008-07-05 13:01:24 0 d-------- C:\VundoFix Backups
2008-07-05 12:56:48 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-05 01:06:25 0 d-------- C:\Program Files\Common Files\Skype
2008-07-02 13:13:24 0 d-------- C:\Program Files\Microsoft.NET
2008-07-02 13:11:28 0 d-------- C:\Users\All Users\Microsoft Help
2008-07-02 12:38:08 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-07-01 17:18:20 0 d-------- C:\Program Files\Undisker
2008-06-30 04:19:07 0 d-------- C:\Program Files\Iteral

-- Find3M Report ---------------------------------------------------------------

2008-07-12 22:41:12 0 d-------- C:\Users\Danny\AppData\Roaming\Skype
2008-07-12 21:49:29 0 d-------- C:\Users\Danny\AppData\Roaming\skypePM
2008-07-12 19:44:30 0 d-------- C:\Users\Danny\AppData\Roaming\LimeWire
2008-07-12 13:52:35 0 d-------- C:\Program Files\YPOPs
2008-07-12 13:31:00 0 d-------- C:\Users\Danny\AppData\Roaming\Mozilla
2008-07-12 13:30:59 0 d-------- C:\Users\Danny\AppData\Roaming\Thunderbird
2008-07-10 11:42:44 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 11:25:12 0 d-------- C:\Program Files\Windows Mail
2008-07-09 21:08:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-07 21:43:18 3768 --a------ C:\Users\Danny\AppData\Roaming\wklnhst.dat
2008-07-05 01:06:27 0 d-------- C:\Program Files\Skype
2008-07-05 01:06:25 0 d-------- C:\Program Files\Common Files
2008-07-02 13:14:13 0 d-------- C:\Program Files\Microsoft Works
2008-07-01 15:32:03 0 d-------- C:\Program Files\LimeWire
2008-06-30 19:38:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 04:15:02 0 d-------- C:\Users\Danny\AppData\Roaming\PMCallCenter
2008-06-14 16:41:57 0 d-------- C:\Users\Danny\AppData\Roaming\AVG7
2008-06-09 22:16:17 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-09 10:25:36 230818 --a------ C:\Windows\uninstall News_and.exe
2008-06-09 10:25:36 1042950 --a------ C:\Windows\News_and.scr
2008-06-08 17:49:50 23 --a------ C:\Windows\system32\sysmwwod.dll
2008-06-03 22:53:37 0 d-------- C:\Program Files\EyeSpyFX_Webcam
2008-06-02 23:35:07 0 d-------- C:\Program Files\Limewire Download Booster
2008-05-25 22:19:08 0 d-------- C:\Users\Danny\AppData\Roaming\Intel
2008-05-25 22:19:08 0 d-------- C:\Program Files\Intel
2008-05-25 22:18:11 53858 --a------ C:\Windows\system32\dcads-remove.exe
2008-05-24 17:47:09 0 d-------- C:\Program Files\Google
2008-05-16 23:36:33 0 d-------- C:\Users\Danny\AppData\Roaming\dvdcss
2008-05-16 00:52:44 0 d-------- C:\Program Files\VideoLAN

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [16/06/2007 18:30]
"RtHDVCpl"="RtHDVCpl.exe" [29/12/2006 19:11 C:\Windows\RtHDVCpl.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [09/08/2007 06:09]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 19:09]
"Uninstall_CToolbar"="C:\Windows\Temp\CTun.exe" []
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 13:36]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [14/12/2006 16:53]
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [26/12/2006 11:23]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [29/08/2006 09:26]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 14:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [19/08/2006 12:37]
"Domino"="C:\Windows\Domino.exe" [18/08/2006 16:58]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [16/04/2008 10:29]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [24/05/2008 17:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/11/2006 04:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 21:35]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 23:59]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [17/12/2007 17:13]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/05/2008 15:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 21:36]
"@"="" []

C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 04:45:42]
wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [18/08/2005 20:44:26]
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [12/07/2008 13:52:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 30/03/2008 16:44 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-07-12 22:47:15 ------------

Deckard's System Scanner v20071014.68
Run by Danny on 2008-07-12 22:41:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-07-11 16:47:44 UTC - RP359 - Windows Update
3: 2008-07-11 07:01:57 UTC - RP358 - Scheduled Checkpoint
2: 2008-07-10 08:10:14 UTC - RP357 - Windows Update
1: 2008-07-10 02:24:25 UTC - RP356 - Windows Update

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Danny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:18, on 12/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Users\Danny\Downloads\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9544 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Hotkey - c:\windows\system32\drivers\hotkey.sys

S3 flash - \??\c:\windows\system32\drivers\flash.sys
S3 ZSMC211 (CMS-V23) - c:\windows\system32\drivers\zs211.sys <Not Verified; VM; ZS211.sys>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic>
R3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; >

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0021
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0021
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0024
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0024
Service: tunnel

-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 22:40:23 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{88EE94D1-9972-4330-8DE5-F1FD8DB722A2}.job
2008-01-29 10:20:29 254 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 13:30:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-12 11:50:32 0 d-------- C:\Program Files\Trend Micro
2008-07-11 21:14:58 0 d-------- C:\Program Files\Free Window Registry Repair
2008-07-11 21:05:30 0 d-------- C:\Program Files\RegCure
2008-07-05 13:01:24 0 d-------- C:\VundoFix Backups
2008-07-05 12:56:48 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-05 01:06:25 0 d-------- C:\Program Files\Common Files\Skype
2008-07-02 13:13:24 0 d-------- C:\Program Files\Microsoft.NET
2008-07-02 13:11:28 0 d-------- C:\Users\All Users\Microsoft Help
2008-07-02 12:38:08 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-07-01 17:18:20 0 d-------- C:\Program Files\Undisker
2008-06-30 04:19:07 0 d-------- C:\Program Files\Iteral

-- Find3M Report ---------------------------------------------------------------

2008-07-12 22:41:12 0 d-------- C:\Users\Danny\AppData\Roaming\Skype
2008-07-12 21:49:29 0 d-------- C:\Users\Danny\AppData\Roaming\skypePM
2008-07-12 19:44:30 0 d-------- C:\Users\Danny\AppData\Roaming\LimeWire
2008-07-12 13:52:35 0 d-------- C:\Program Files\YPOPs
2008-07-12 13:31:00 0 d-------- C:\Users\Danny\AppData\Roaming\Mozilla
2008-07-12 13:30:59 0 d-------- C:\Users\Danny\AppData\Roaming\Thunderbird
2008-07-10 11:42:44 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 11:25:12 0 d-------- C:\Program Files\Windows Mail
2008-07-09 21:08:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-07 21:43:18 3768 --a------ C:\Users\Danny\AppData\Roaming\wklnhst.dat
2008-07-05 01:06:27 0 d-------- C:\Program Files\Skype
2008-07-05 01:06:25 0 d-------- C:\Program Files\Common Files
2008-07-02 13:14:13 0 d-------- C:\Program Files\Microsoft Works
2008-07-01 15:32:03 0 d-------- C:\Program Files\LimeWire
2008-06-30 19:38:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 04:15:02 0 d-------- C:\Users\Danny\AppData\Roaming\PMCallCenter
2008-06-14 16:41:57 0 d-------- C:\Users\Danny\AppData\Roaming\AVG7
2008-06-09 22:16:17 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-09 10:25:36 230818 --a------ C:\Windows\uninstall News_and.exe
2008-06-09 10:25:36 1042950 --a------ C:\Windows\News_and.scr
2008-06-08 17:49:50 23 --a------ C:\Windows\system32\sysmwwod.dll
2008-06-03 22:53:37 0 d-------- C:\Program Files\EyeSpyFX_Webcam
2008-06-02 23:35:07 0 d-------- C:\Program Files\Limewire Download Booster
2008-05-25 22:19:08 0 d-------- C:\Users\Danny\AppData\Roaming\Intel
2008-05-25 22:19:08 0 d-------- C:\Program Files\Intel
2008-05-25 22:18:11 53858 --a------ C:\Windows\system32\dcads-remove.exe
2008-05-24 17:47:09 0 d-------- C:\Program Files\Google
2008-05-16 23:36:33 0 d-------- C:\Users\Danny\AppData\Roaming\dvdcss
2008-05-16 00:52:44 0 d-------- C:\Program Files\VideoLAN

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [16/06/2007 18:30]
"RtHDVCpl"="RtHDVCpl.exe" [29/12/2006 19:11 C:\Windows\RtHDVCpl.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [09/08/2007 06:09]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 19:09]
"Uninstall_CToolbar"="C:\Windows\Temp\CTun.exe" []
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 13:36]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [14/12/2006 16:53]
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [26/12/2006 11:23]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [29/08/2006 09:26]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 14:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [19/08/2006 12:37]
"Domino"="C:\Windows\Domino.exe" [18/08/2006 16:58]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [16/04/2008 10:29]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [24/05/2008 17:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/11/2006 04:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 21:35]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 23:59]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [17/12/2007 17:13]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/05/2008 15:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 21:36]
"@"="" []

C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 04:45:42]
wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [18/08/2005 20:44:26]
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [12/07/2008 13:52:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 30/03/2008 16:44 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-07-12 22:47:15 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5300 @ 1.73GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1917.63 MiB / 1254.77 MiB
Pagefile Memory (total/avail): 4055.73 MiB / 2989.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.02 MiB

C: is Fixed (NTFS) - 65.41 GiB total, 30.16 GiB free.
D: is Fixed (NTFS) - 32.7 GiB total, 27.54 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2120BH ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 11.72 GiB
\PARTITION1 (bootable) - Installable File System - 65.41 GiB - C:
\PARTITION2 - Installable File System - 32.7 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Danny\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANNY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Danny
LOCALAPPDATA=C:\Users\Danny\AppData\Local
LOGONSERVER=\\DANNY-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Danny\AppData\Local\Temp
TMP=C:\Users\Danny\AppData\Local\Temp
USERDOMAIN=Danny-PC
USERNAME=Danny
USERPROFILE=C:\Users\Danny
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Danny
Guest (new local, guest, net ready)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Browser Optimizer Dcads --> C:\Windows\system32\dcads-remove.exe
CMS-V23 --> C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe -runfromtemp -l0x0009 -removeonly
Conferencing --> rundll32.exe dfshim.dll,ShArpMaintain Conferencing.application, Culture=neutral, PublicKeyToken=2cc11dba48d2dce1, processorArchitecture=msil
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player -->

#6
Rorschach112

Posted 13 July 2008 - 06:03 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
[kill explorer]
C:\Windows\system32\sysmwwod.dll
C:\Windows\system32\dcads-remove.exe
purity 
EmptyTemp
[start explorer]
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Windows\uninstall News_and.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

Also post a new DSS log

#7
papaguy1980

Posted 13 July 2008 - 06:29 AM

New Member

Topic Starter
Member
7 posts

Explorer killed successfully
LoadLibrary failed for C:\Windows\system32\sysmwwod.dll
C:\Windows\system32\sysmwwod.dll NOT unregistered.
File move failed. C:\Windows\system32\sysmwwod.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dcads-remove.exe scheduled to be moved on reboot.
< purity >
< EmptyTemp >
File delete failed. C:\Users\Danny\AppData\Local\Temp\Acr154B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF289E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF28B1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF310E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF3145.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF35F6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF3605.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF3CA2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF3CAC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF3F04.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF3F0E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF4AC2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF4B98.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF5023.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF502D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF6238.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF6250.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080712-225337-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080712-225353-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080713-114321-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080713-114334-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07132008_210909

Files moved on Reboot...
LoadLibrary failed for C:\Windows\system32\sysmwwod.dll
C:\Windows\system32\sysmwwod.dll NOT unregistered.
File move failed. C:\Windows\system32\sysmwwod.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\dcads-remove.exe scheduled to be moved on reboot.
File move failed. C:\Users\Danny\AppData\Local\Temp\Acr154B.tmp scheduled to be moved on reboot.
File C:\Users\Danny\AppData\Local\Temp\~DF289E.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF28B1.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF310E.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF3145.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF35F6.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF3605.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF3CA2.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF3CAC.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF3F04.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF3F0E.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF4AC2.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF4B98.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF5023.tmp not found!
File C:\Users\Danny\AppData\Local\Temp\~DF502D.tmp not found!
C:\Users\Danny\AppData\Local\Temp\~DF6238.tmp moved successfully.
C:\Users\Danny\AppData\Local\Temp\~DF6250.tmp moved successfully.
File move failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lpksetup-20080712-225337-0.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lpksetup-20080712-225353-0.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lpksetup-20080713-114321-0.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lpksetup-20080713-114334-0.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\MpCmdRun.log scheduled to be moved on reboot.

Antivirus Version Last Update Result
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.11 -
Authentium 5.1.0.4 2008.07.13 -
Avast 4.8.1195.0 2008.07.13 -
AVG 7.5.0.516 2008.07.12 -
BitDefender 7.2 2008.07.13 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.13 -
DrWeb 4.44.0.09170 2008.07.12 -
eSafe 7.0.17.0 2008.07.10 Suspicious File
eTrust-Vet 31.6.5949 2008.07.12 -
Ewido 4.0 2008.07.13 -
F-Prot 4.4.4.56 2008.07.13 -
F-Secure 7.60.13501.0 2008.07.12 -
Fortinet 3.14.0.0 2008.07.13 -
GData 2.0.7306.1023 2008.07.13 -
Ikarus T3.1.1.26.0 2008.07.13 Trojan-PWS.Banker.20135
Kaspersky 7.0.0.125 2008.07.13 -
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.13 -
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.13 -
Prevx1 V2 2008.07.13 -
Rising 20.52.62.00 2008.07.13 -
Sophos 4.31.0 2008.07.13 -
Sunbelt 3.1.1536.1 2008.07.12 -
Symantec 10 2008.07.13 -
TheHacker 6.2.96.378 2008.07.13 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.12 -
Webwasher-Gateway 6.6.2 2008.07.11 -
Additional information
File size: 230818 bytes
MD5...: eea412c161adb8b1f0630eaab5203e7e
SHA1..: 89bced85708e862e388d8d22c7f971c2d3654585
SHA256: 9ac96610c63486bc7f857e9dcb43976a791a8b16140e58679465462e37f06f74
SHA512: f822c028b4c9243dbd2c306edf8b34a64d482065c4d2b46f0d4edfd21928f738
c0be504f9d8e69508406c8d97d3a14c82b02431f992d8be7b6865ab3b137f9a4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x49c060
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x66000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x67000 0x36000 0x35400 7.92 d361f3542c79f145210bc4a2ae2e831f
.rsrc 0x9d000 0x3000 0x2a00 4.34 98292055b9fa75c46e3c025841bd6154

( 10 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: FreeSid
> comctl32.dll: ImageList_Add
> gdi32.dll: SaveDC
> mpr.dll: WNetGetConnectionA
> ole32.dll: OleDraw
> oleaut32.dll: VariantCopy
> shell32.dll: ShellExecuteA
> user32.dll: GetDC
> version.dll: VerQueryValueA

( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

Deckard's System Scanner v20071014.68
Run by Danny on 2008-07-13 21:24:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Danny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:55, on 13/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Danny\Downloads\dss(2).exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9635 bytes

-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-12 23:10:40 0 d-------- C:\Windows\lhsp
2008-07-12 13:30:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-12 11:50:32 0 d-------- C:\Program Files\Trend Micro
2008-07-11 21:14:58 0 d-------- C:\Program Files\Free Window Registry Repair
2008-07-11 21:05:30 0 d-------- C:\Program Files\RegCure
2008-07-05 13:01:24 0 d-------- C:\VundoFix Backups
2008-07-05 12:56:48 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-05 01:06:25 0 d-------- C:\Program Files\Common Files\Skype
2008-07-02 13:13:24 0 d-------- C:\Program Files\Microsoft.NET
2008-07-02 13:11:28 0 d-------- C:\Users\All Users\Microsoft Help
2008-07-02 12:38:08 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-07-01 17:18:20 0 d-------- C:\Program Files\Undisker
2008-06-30 04:19:07 0 d-------- C:\Program Files\Iteral

-- Find3M Report ---------------------------------------------------------------

2008-07-13 21:16:29 0 d-------- C:\Users\Danny\AppData\Roaming\Skype
2008-07-13 21:14:39 0 d-------- C:\Users\Danny\AppData\Roaming\skypePM
2008-07-13 15:38:31 0 d-------- C:\Users\Danny\AppData\Roaming\LimeWire
2008-07-12 23:12:52 53506 --a------ C:\Users\Danny\AppData\Roaming\speech.wav
2008-07-12 23:04:03 0 d-------- C:\Users\Danny\AppData\Roaming\NCH Swift Sound
2008-07-12 13:52:35 0 d-------- C:\Program Files\YPOPs
2008-07-12 13:31:00 0 d-------- C:\Users\Danny\AppData\Roaming\Mozilla
2008-07-12 13:30:59 0 d-------- C:\Users\Danny\AppData\Roaming\Thunderbird
2008-07-10 11:42:44 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 11:25:12 0 d-------- C:\Program Files\Windows Mail
2008-07-09 21:08:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-07 21:43:18 3768 --a------ C:\Users\Danny\AppData\Roaming\wklnhst.dat
2008-07-05 01:06:27 0 d-------- C:\Program Files\Skype
2008-07-05 01:06:25 0 d-------- C:\Program Files\Common Files
2008-07-02 13:14:13 0 d-------- C:\Program Files\Microsoft Works
2008-07-01 15:32:03 0 d-------- C:\Program Files\LimeWire
2008-06-30 19:38:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 04:15:02 0 d-------- C:\Users\Danny\AppData\Roaming\PMCallCenter
2008-06-14 16:41:57 0 d-------- C:\Users\Danny\AppData\Roaming\AVG7
2008-06-09 22:16:17 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-09 10:25:36 230818 --a------ C:\Windows\uninstall News_and.exe
2008-06-09 10:25:36 1042950 --a------ C:\Windows\News_and.scr
2008-06-08 17:49:50 23 --a------ C:\Windows\system32\sysmwwod.dll
2008-06-03 22:53:37 0 d-------- C:\Program Files\EyeSpyFX_Webcam
2008-06-02 23:35:07 0 d-------- C:\Program Files\Limewire Download Booster
2008-05-25 22:19:08 0 d-------- C:\Users\Danny\AppData\Roaming\Intel
2008-05-25 22:19:08 0 d-------- C:\Program Files\Intel
2008-05-25 22:18:11 53858 --a------ C:\Windows\system32\dcads-remove.exe
2008-05-24 17:47:09 0 d-------- C:\Program Files\Google
2008-05-16 23:36:33 0 d-------- C:\Users\Danny\AppData\Roaming\dvdcss
2008-05-16 00:52:44 0 d-------- C:\Program Files\VideoLAN

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [16/06/2007 18:30]
"RtHDVCpl"="RtHDVCpl.exe" [29/12/2006 19:11 C:\Windows\RtHDVCpl.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [09/08/2007 06:09]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 19:09]
"Uninstall_CToolbar"="C:\Windows\Temp\CTun.exe" []
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 13:36]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [14/12/2006 16:53]
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [26/12/2006 11:23]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [29/08/2006 09:26]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09/11/2006 14:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [19/08/2006 12:37]
"Domino"="C:\Windows\Domino.exe" [18/08/2006 16:58]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [16/04/2008 10:29]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [24/05/2008 17:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/11/2006 04:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 21:35]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 23:59]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [17/12/2007 17:13]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/05/2008 15:54]
"@"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 21:36]

C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 04:45:42]
wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [18/08/2005 20:44:26]
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [12/07/2008 13:52:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 30/03/2008 16:44 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-07-13 21:25:49 ------------

#8
Rorschach112

Posted 13 July 2008 - 10:41 AM

Ralphie

Retired Staff
47,710 posts

Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#9
papaguy1980

Posted 13 July 2008 - 09:19 PM

New Member

Topic Starter
Member
7 posts

Hello. Here are the logs from ComboFix ans HijackThis. Thank you so much for this!

ComboFix 08-07-13.6 - Danny 2008-07-14 12:07:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1158 [GMT 9:00]
Running from: C:\Users\Danny\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\Users\Danny\FAVORI~1\Online Security Test.url
C:\Users\Danny\Favorites\Online Security Test.url
C:\Windows\system32\adssitesuggest.dll
C:\Windows\system32\dcads-remove.exe
C:\Windows\system32\imvalid.ico
C:\Windows\system32\imvalid.ico.bak0
C:\Windows\system32\mysidesearch_sidebar_uninstall.exe
C:\Windows\system32\superiorads-uninst.exe
C:\Windows\system32\sysmwwod.dll
C:\Windows\system32\u2g.f

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 02:48 --------- d-----w C:\Users\Danny\AppData\Roaming\Skype
2008-07-14 02:26 --------- d-----w C:\Users\Danny\AppData\Roaming\skypePM
2008-07-13 06:38 --------- d-----w C:\Users\Danny\AppData\Roaming\LimeWire
2008-07-12 14:04 --------- d-----w C:\Users\Danny\AppData\Roaming\NCH Swift Sound
2008-07-12 04:52 --------- d-----w C:\Program Files\YPOPs
2008-07-12 04:30 --------- d-----w C:\Users\Danny\AppData\Roaming\Thunderbird
2008-07-12 04:30 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-12 02:50 --------- d-----w C:\Program Files\Trend Micro
2008-07-11 12:18 --------- d-----w C:\Program Files\Free Window Registry Repair
2008-07-11 12:17 --------- d-----w C:\Program Files\RegCure
2008-07-10 08:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 02:42 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 02:25 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 12:08 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-07 12:43 3,768 ----a-w C:\Users\Danny\AppData\Roaming\wklnhst.dat
2008-07-05 03:58 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-04 16:06 --------- d-----w C:\ProgramData\Skype
2008-07-04 16:06 --------- d-----w C:\Program Files\Skype
2008-07-04 16:06 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-04 16:01 --------- d---a-w C:\ProgramData\TEMP
2008-07-04 11:50 --------- d-----w C:\ProgramData\avg7
2008-07-02 04:14 --------- d-----w C:\Program Files\Microsoft Works
2008-07-02 04:13 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-02 03:38 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-02 03:38 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-07-01 08:18 --------- d-----w C:\Program Files\Undisker
2008-07-01 06:32 --------- d-----w C:\Program Files\LimeWire
2008-06-30 10:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 19:19 --------- d-----w C:\Program Files\Iteral
2008-06-29 19:15 --------- d-----w C:\Users\Danny\AppData\Roaming\PMCallCenter
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-14 07:41 --------- d-----w C:\Users\Danny\AppData\Roaming\AVG7
2008-06-09 13:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-09 01:25 230,818 ----a-w C:\Windows\uninstall News_and.exe
2008-06-09 01:25 1,042,950 ----a-w C:\Windows\News_and.scr
2008-06-03 13:53 --------- d-----w C:\Program Files\EyeSpyFX_Webcam
2008-06-02 14:35 --------- d-----w C:\Program Files\Limewire Download Booster
2008-05-25 13:19 --------- d-----w C:\Users\Danny\AppData\Roaming\Intel
2008-05-25 13:19 --------- d-----w C:\Program Files\Intel
2008-05-24 08:47 --------- d-----w C:\Program Files\Google
2008-05-16 14:36 --------- d-----w C:\Users\Danny\AppData\Roaming\dvdcss
2008-05-15 15:52 --------- d-----w C:\Program Files\VideoLAN
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-16 13:24 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-16 13:24 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-11 04:35 90112]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 21:35 125440]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 23:59 224248]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-12-17 17:13 3810544]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-08-09 06:09 26112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 19:09 63712]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-12-14 16:53 192512]
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 11:23 180224]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2006-08-29 09:26 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 14:37 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [2006-08-19 12:37 49152]
"Domino"="C:\Windows\Domino.exe" [2006-08-18 16:58 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 10:29 579584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-24 17:47 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 19:11 4317184 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 16:44 219136]

C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
wkcalrem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-18 20:44:26 21504]
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [2008-07-12 13:52:34 1355776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-03-30 16:44 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2AD7E833-8C6B-4A6F-AD41-F5FFFBAE0B24}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{349F03E6-6D2E-4B85-BE36-C0C7FB6518E2}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{10CBC4E2-618D-4DC0-93B0-976782102960}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{4D1EB18C-2410-45BC-8680-C10D35249706}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{B370BE12-7034-4730-B63F-4BCDC2834800}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{651A5235-F628-45EC-8BE2-A4B51FC0541B}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{4942B4B0-97F6-4031-B9E5-DB1B7BE922BE}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5B6B9095-A200-4ACF-ADCE-E7D39DE9A842}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{FF3CD7E5-E09F-4C34-BAE5-7A688A5C8FC3}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{796C23F6-2823-4EFA-A069-6648E761E99C}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{08CB4643-CE54-433B-BD1A-F9C6BECFEF26}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{5CED8598-336F-4F04-A63D-33801D39FD80}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{457C38D6-3C95-4DDA-BD70-B81C9FA128B5}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{43FEDAC8-880B-4D43-9416-910247DEF819}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{8BBF894E-FE1F-47AC-AC5D-8515A1FA9F5C}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{D02290A1-021F-4DC5-AC42-C9159D88B5D2}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{DD0A68EF-1C0C-49C6-B757-00DB81A02B33}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{BE8FB4F2-0718-40C5-A5A8-1419DFD45BB9}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{1688542A-32AC-4C00-856E-6EE3EAAB5805}C:\\users\\danny\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\danny\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{1A5EF5A2-E905-4934-8A31-AF68CB24D49C}C:\\users\\danny\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\danny\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"{32A2CFED-BAF2-4A80-BD18-40EAA72D32F6}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6FF0E21A-F394-4EF5-BDB5-8217F2324FFE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{86E52401-9927-47B9-B501-2A5D1DF98A78}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B5088017-667F-4446-82D0-95C977385BE3}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{7A61AECA-9F1E-46AD-B0FB-929EAD7ECA6B}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{A0A3FE8F-F2EB-4FA1-B0E6-A5BD8C9623F9}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{C8FA1CC1-A0B0-451C-9AC9-462B36F8A249}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{99AF0947-85C2-4145-85A2-DCEF9A932E7F}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{EE8A508B-ED4C-43DF-B469-9C105157A3C1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{799AB2C3-D5CD-4DBC-8019-2C93E722A0C9}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{8EBD1D70-B3F9-4617-BD4C-2BEAEA4D7B59}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{088F51AA-3B2B-4F09-B7CF-A49BB719BF82}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0C1C6A00-39C5-4ADF-9D3F-D9E3B4FEFD01}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B336EEEA-2D1F-43EE-A7B9-74E83708D3C5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ADE52DB0-A9A6-4299-BA30-F4B394C26DA8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E6D97E52-970D-4EC5-B9ED-4F29B7FED5EC}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F08ECD2D-A0C5-42F3-8138-3D07E5ACD031}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5DBB1652-5C9A-4F20-A7A5-0F3BB060CDE6}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{02FDB1F2-A4A0-4398-A8C9-CBF53EC0AC21}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{12613F77-3222-4E39-8376-A7C8698CF659}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{6E812CBD-D373-4A06-9D63-9FEE895BFF22}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{00741CAC-D683-44F2-9992-FF3D66355467}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{6F95A5A0-EDD3-4AB8-BF81-EE611447137A}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{10947962-0545-4A8A-B2C6-FD0451C0BD44}C:\\program files\\sopcast\\sopvod.exe"= UDP:C:\program files\sopcast\sopvod.exe:sopvod
"UDP Query User{9759FFDF-FD1F-428D-ADEE-B88136A88A97}C:\\program files\\sopcast\\sopvod.exe"= TCP:C:\program files\sopcast\sopvod.exe:sopvod
"{D3229FFF-9B79-4946-9541-4A9A6349D167}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8AF49C39-CF66-405A-AF29-9BD0D04D21F0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7D769409-56E7-42D5-A440-40F2B26DA8B6}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{C4921DB3-2BFF-4CFA-8B16-740BE8EAC092}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"TCP Query User{2957A0DD-1518-4FFD-AEB7-9B898E3AEA1F}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{FD2FF038-4F55-4944-9529-E6060645CBC0}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{36B74736-3140-4086-96D9-06666FA26FB2}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{62E252A6-477F-4794-840A-5F70C29C995C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{C4868399-789B-4491-9449-6FEA597C6666}C:\\program files\\eyespyfx_webcam\\webcam.exe"= UDP:C:\program files\eyespyfx_webcam\webcam.exe:Webcam
"UDP Query User{B62D6F74-FF13-4B52-A296-8AB0C30E9323}C:\\program files\\eyespyfx_webcam\\webcam.exe"= TCP:C:\program files\eyespyfx_webcam\webcam.exe:Webcam
"TCP Query User{8D187106-B8EE-4825-9AC9-A05A818FE6AF}C:\\program files\\soulseek-test\\slsk.exe"= UDP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{523EDD6B-FDB8-4238-902D-5DB14364109C}C:\\program files\\soulseek-test\\slsk.exe"= TCP:C:\program files\soulseek-test\slsk.exe:SoulSeek
"TCP Query User{2DB8C93E-DD23-4817-BC92-83143036E31E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6566EDC1-D97B-403C-9ADB-441AF1F48420}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C0205C30-BFAA-430E-9102-4C025E68FC6D}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{BD5EDBF4-1F27-4710-9A1B-E489B5DE116A}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{CA98DD3C-8617-4FD5-A639-7EE972D7B774}C:\\users\\danny\\downloads\\9dragons_downloader_us_6-20-2008.exe"= UDP:C:\users\danny\downloads\9dragons_downloader_us_6-20-2008.exe:9dragons_downloader_us_6-20-2008.exe
"UDP Query User{E3FF509E-947E-4D74-850F-BBD3FF345EAF}C:\\users\\danny\\downloads\\9dragons_downloader_us_6-20-2008.exe"= TCP:C:\users\danny\downloads\9dragons_downloader_us_6-20-2008.exe:9dragons_downloader_us_6-20-2008.exe
"{6A158749-A234-4542-85ED-2E2AAEAE717D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A97E26C-4E47-4CDC-BA4A-0F589203FED5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8865A084-2802-4C57-8E62-18F4BFFE7E35}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\PPMate\\ppmate.exe"= C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\\Program Files\\PPMate\\ppmnet.exe"= C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-09 02:52]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-04-01 09:55]
R3 WisLMSvc;WisLMSvc;C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 20:45]
S3 flash;flash;C:\Windows\system32\drivers\flash.sys [2005-11-17 15:36]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-24 17:47]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 01:20:29 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-14 03:10:04 C:\Windows\Tasks\User_Feed_Synchronization-{88EE94D1-9972-4330-8DE5-F1FD8DB722A2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 12:11:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-14 12:13:03
ComboFix-quarantined-files.txt 2008-07-14 03:12:47

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 27,296,227,328 bytes free

231 --- E O F --- 2008-07-11 16:48:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:55, on 13/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Danny\Downloads\dss(2).exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9635 bytes

#10
Rorschach112

Posted 14 July 2008 - 09:03 AM

Ralphie

Retired Staff
47,710 posts

File::
C:\Windows\uninstall News_and.exe
C:\Windows\News_and.scr

Folder::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Also post a new HijackThis log

#11
papaguy1980

Posted 14 July 2008 - 11:26 PM

New Member

Topic Starter
Member
7 posts

Tuesday, July 15, 2008 2:18:58 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/07/2008
Kaspersky Anti-Virus database records: 953481
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 111856
Number of viruses found 4
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:26:46

Infected Object Name Virus Name Last Action
C:\Bug.txt Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile13.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile14.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile15.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile16.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile17.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile18.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\fwtsqmfile19.sqm Object is locked skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\ONE2F90.tmp\upgrade.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.OneStep.m skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\ONE2F90.tmp\upgrade.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.OneStep.u skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\ONE2F90.tmp\upgrade.exe/stream Infected: not-a-virus:AdWare.Win32.OneStep.u skipped
C:\Deckard\System Scanner\20080713212440\backup\Windows\temp\ONE2F90.tmp\upgrade.exe NSIS: infected - 3 skipped
C:\Program Files\YPOPs\ypops.log Object is locked skipped
C:\ProgramData\avg7\Log\emc.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00b265a92efb8196eeb4ba3a8e99a948_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\029f6c024e3d66e1362f4fc4141f9a38_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03ae35b6e21073a6804fbf0e217676d8_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0482846d69ae8659ec67d96ac2715d3c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\058a2e0538a11c809d5d9184c2f1c2e0_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\061d85065c9751dc1bfb61b95e536669_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\06446f2da8413f13520d3d19dd6ccb3d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\066eeed94229f2c83aed8584db51a76a_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07b57e88260f45f38465933c283377ec_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\083b30438dd4f78a3d03b01d4e9dd4c8_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08a2091d3e2069bb68515aad17ad9d30_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0abd59c96f941357d98dcf5b37fbf41b_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0d7f0008d45415c4d90705bfe9e7c9ca_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0fbd13c1f3374cd73b86437d5c9cc181_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\11ecf632088ac2210e870e1d4fff65dc_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12259fbdd20d6b7be7037ac51b22dc20_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\125ee214197c241909d138df75e081e4_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12c4512ed09dc26230f6d8b496920e8b_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\14a631ae8c0b9d13e248eaaa4ba9b088_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\14d73aa828984097393306a5b90e3ff0_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\15d0a2caef84aac33712efe4f522c2e8_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\167ed5b201aa4799b678c5ff49c0696e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\172f209135d7bff3bedd3c27dbe510dd_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1e673ecefaef768ed9f03c5ffb415bf7_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2042ac6ef40029a7b074a814dd23032e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2080745bbdc2e86296b74a24a0f7b2fc_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\20c113675eed9873e796b8a18e18f0c6_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\22fef13590763737bed07c6ba4a6983d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\23a14ffae5a02a91ae99c5ec69b3f0c0_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\24e0ace7eeaeb0ea31ef9d57fbf2f25f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\24e84dfeb49999de1235468c36dd0974_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\25f961665d146d8166e52b1bb7857e75_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\264689d0c6742c3a6be27633cae7f4f4_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\280074dc84204db2d5c8d4229925252f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\28c6325385cfe89af9b769441002d70e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a310f3465ca9615d065148b6a9ad91f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d0368caf6f39cbd8f50441fd05631c5_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2e625c2089e7512e63b77fc2bdfd468d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\300298936d0101b45f29f89bdf3d390a_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\32197e876294e58e73d90652c777c75c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\323107a02a893b582b7e8dc8584873ab_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\33b51b4a8a5af509f3c01c6832647788_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3633b67e5b40848fd32dff152f7dc044_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\364cb14e6a41708350053cc0e11fc625_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\39cbf569f5dc6f0257484341550f395c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d3aa21e95ee1082705d97b63230fe63_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3e7b6873bf318fb9193763c0d92e0bab_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ea2ceeffbd3c7390b7962ea2984a21d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3eb2336d9f485031020c2141e3c2d777_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4074f49dd58d3088ab4f0c1389e8386f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\410b066f8648cccafc8c3e3f9525416d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4138d985ce4d27c6fb4c2e4c0216252f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\423ccd3b5d05efbdd85a8c80e00ce237_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\43f3cc363e9d51a5f828dae66014b132_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\46ce10eaa807c5753ba0281a411e50e9_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4993d0fd962bb3c130b7ea6022a8cd7d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4dc540a45d991a6a9c6a2c86df1dcb9c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f62cfeace6fd0be4e9fdfb31e57ba9f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5035255a6c459891a771c32cc7bb2b29_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5126eaed20ce66157d4514ea512f3866_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\514f23246417146a3fe777214220b861_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\52634b34ced8985df3c000b1e115ab0e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\53b50e6f1f7034e3c6152766b1b6c9d5_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c7b5bf487c0ce219d334024eda38a62_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5e51002def2ab9b1a3325c065933f33c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6060d87956af730c3390ac2c91053515_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6407596509e5bbe1337ed0fe36786f52_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\670385bd691e32a3c50259adbd407787_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68f0971bfad7dd7537749ca5f661f1c6_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\69b3b92995a124f598bd015ae7ff4eaf_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6aadd26a16d6065c6ab39dcc337a8eef_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6aca976162c3b5167a0cc73e6291069e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b7ccffa6089435f77a12acc795b7a75_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6c5809d28321d6de4c7d737d93fd4565_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6cb28ce568f9b893486c5227da6699a7_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6cc926d80b00f0fb389bf627fac104f8_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6df351fcee03975cda2d7d3f99147ca7_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6efa5307ee87d3a841226d2fb7a8c8fc_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7000036c3ab0335663196581dd822cbb_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70a7bf4b0ace50db9650901e3b6e7b07_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\73ffb873f96cc7b9879e0601126d83ed_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\771d6b8ec6fc37311a4c7793a792d605_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7a6efaaa760d5cae615a446d2136f9df_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7b0229343b9b07793659db0f6d4bf340_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c3331ba24bdd8e61e2a6fda356991f9_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c3817070c17bb0691939762d822f9b7_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c5c10a339ae315caebc534fb07bab85_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7cb7b6093d4d30900f2eef14b9872669_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7cec27f9f5398d9549748f97e62c5030_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7cf5f8ada7d7f4360834d01ea13a4dd9_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e358b9051967205a6d8902b9ea0eb6f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7eec4363b6ec5f48a2dd37eb4e266c46_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\808d4da01781bdb545d48e17eca86d65_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\84cb1dbcfa2651215cd37bf2481a360a_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8ce0769b105dbe60b1ec44762ac33f32_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fbfd6abdce651a56c485946dcc50dd0_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fd46492099b28731a2e41db4e54c26a_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fde5a9d2d815d88bc5cf7de2f9ae345_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\90d9dace95ffcc2c4903b2df36974112_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\918b6e81bb4fa65cab03d75b48ad390b_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\92b4636e39b1e29b887f338580e63936_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9406565e08d798a4765915a28b208a6c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\945ff5961a126445499bd2d289bcf29a_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\95a75d05687870ebf3cb74f4c03d26c2_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\963916823a00b6f674d52043bca7ae5f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\966214026dc360fa711c96edccc219b5_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\97eedcfa7e1ab70daa12b7b5eefff503_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d66311ced6d6c77370887bdbc4254fb_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a1cd754673630cca1d486edc1268bf23_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a2a1ed4b68cbd7837f9482d6a131e2d4_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a38295b81473023f2766bfac5ce30a30_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a4412f89039748adfa40b87c8778cdeb_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a87d18932de010655093322f7a000b15_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa4ffac7ea09d91dd25453f63e4bb04d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\abbd78fcc0dda8a71a9b75167b0b8dd5_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae15afcc6f61398c790229c79d4ee8c9_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af952a557048988d3f847ed7486b1f19_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b01de72e8164251b42d4564557921422_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b07762c1494d9f2d7d34b7cdab9da706_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b52627fb30218a9ae00ab4e6058cf24d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b52aa087f4852851caea7811ef39065d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b5c0fb66370647a14efd2e3aa4069317_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b5c2005c9343dc70b04c39e3f9f7ed1d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6bae1774393a0cf3ce4203ed8fe8b10_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b73ec2c780800d79169a111f4a5725c2_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b99654c782e269617f7bc7d09565b08b_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\baea5c761a45c50be98f5c486c08861c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bb7fc63db7fb6c660d2386c89d5677d1_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcd97ea864d69225cd98788e37a75415_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bf4a142288be24768d3e2a06465e82ba_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c365a9d5e2e79eeb5c8c1322d508ad13_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c7169b0de99a82a931db902f9099bd39_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c785569ff501e00d63588b343dcf6eb1_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca4fc6eb74e5d877fc1bc64a4537e88b_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cc079c6273fd35ff8e7e596ea9a9f0a4_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ccd68676b82e9d37daef4a37b04bd482_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd1cf3a265d0080e4063f676909d1b22_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cdab432dd13f01b02f6a1d66530c7f26_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce29530a081b85882af1b3a78947c581_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ce54a80d9e8a73b5d58d6b70c36046f4_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cf053298b3a160b89673d136964ec988_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cfa7434389bfcdd997deafa9b76aead1_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d055445084cf54889cf6d3bbd9e0a329_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d104dee10f94b376a40900a4b65d94cf_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d168c3a48b2c9782b2b8243edd28c3b4_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d23b609e6b9e623eebe83611cd9cb964_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d3b067a84867b6f23e0b8a537979e2b2_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d57b858984c13caf6422376848243fe8_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d5ab008fa5e3c2dc9267a30c6e6fafb8_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d5d686f5b93fa528d9609f0011cf195c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d6393007e537b2e19a12a33848c757ae_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\daf2d5037cc3226657e40023a8738d96_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dbd9c3f67d5cf9a45c48801cb7525aa7_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dc6b7b00402c992636112ce340d66eff_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dd7cb96ce8b32f7316f82130343752c0_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de5fd7ce503a5e195d39127ccd9d600e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e0947a3ba5180283642d17b9f13356f7_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e09b70767860471e026354bfa34b5caf_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e31bce0e9ec9bb7b57ff033d4e6ea042_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e3bf6f9eed7515ba637c294a1e0d8f50_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5edd28a5b3b7ef7d78c3afe8862a32f_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5f9bf3139f689b70f643d363de996c7_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e713035ab6b7762cb724336827763e81_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e8aad8815bcf19d235107eb6965b8d41_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e8ca4619fc0ff65c6e6ebb0aeb838b2c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e8eb34cb20829bbc1bdc381d06ccdfe1_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e9eba9f64f4d571b66a5e77e176a43e5_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec7d29d96a5b94c56273dd382e06b5b0_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ecd99fd713b35d50a9f083051f03da06_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ed1b061a6065c3890454c27a05167fe1_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee96eed15d899fb4294cf5d0e15d3727_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\efc95a0bb98559fc7ff1f8361cfc510c_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0239aaa009a02ef6e6537957dc5be4e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f24846402717999b1f2887e587e6a27e_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2999c832e18324da7cfeb763edbc4b2_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f619af52c9834dc0f37c125fb807b6bc_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f622d99973bc40b96e0110f91904bae4_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f6e6a9358ed538788e80a1a5e0be1124_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f7c2726c05332a7258bf2c02f8652992_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f86a4eff23e1ed48d5910ba3c7141701_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f88494ab8f2525b7114d5ccbfd3ad8a5_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f9c3ca6be5f00e46d32f82d915960657_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\faf501cae94b36638255a79bf9964977_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fffbb4d6822e3fb5cae6534e37459e2d_b916f35f-68fd-4658-9cad-8071ab3bf010 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Guest.dat Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008071520080716\index.dat Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\UsrClass.dat{0671d920-45d3-11dc-8064-0016d36573b1}.TM.blf Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\UsrClass.dat{0671d920-45d3-11dc-8064-0016d36573b1}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows\UsrClass.dat{0671d920-45d3-11dc-8064-0016d36573b1}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Danny\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\n71afhv4.default\Cache\259DECABd01 Infected: Trojan.Win32.StartPage.bkz skipped
C:\Users\Danny\AppData\Local\Temp\~DF56D5.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF591F.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF6346.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF6363.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF72EB.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF745F.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF79DC.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7A25.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7BAA.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7BEC.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7C6C.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7C90.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7E5D.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7E6B.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7EE5.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\Temp\~DF7F0C.tmp Object is locked skipped
C:\Users\Danny\AppData\Local\VirtualStore\Program Files\YPOPs\ypops.log Object is locked skipped
C:\Users\Danny\AppData\Local\Yahoo\Y!Msgr\merlin.log Object is locked skipped
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\cert8.db Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\content-prefs.sqlite Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\cookies.sqlite Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\downloads.sqlite Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\formhistory.sqlite Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\key3.db Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\parent.lock Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\permissions.sqlite Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\places.sqlite Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\places.sqlite-journal Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\places.sqlite-stmtjrnl Object is locked skipped
C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\n71afhv4.default\search.sqlite Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\call256.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\callmember256.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\chat512.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\chatmember256.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\chatmsg256.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\chatmsg512.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\contactgroup256.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\dyncontent\bundle.dat Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\index2.dat Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\profile4096.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\user1024.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\user16384.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\user256.dbb Object is locked skipped
C:\Users\Danny\AppData\Roaming\Skype\dannyking_1\voicemail256.dbb Object is locked skipped
C:\Users\Danny\Music\Danny's Tunes\Goonies Are Good Enough.wma Infected: Trojan-Downloader.WMA.GetCodec.b skipped
C:\Users\Danny\NTUSER.DAT Object is locked skipped
C:\Users\Danny\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Danny\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Danny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Danny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Danny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Installer\MSI4C0A.tmp Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0286D5A3321B1ECC8C0CB37FFFC81AF1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\205A392608F81D29AED35B1206C59F95.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ForwardedEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Tasks\User_Feed_Synchronization-{88EE94D1-9972-4330-8DE5-F1FD8DB722A2}.job Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:55, on 13/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Danny\Downloads\dss(2).exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Mai

#12
Rorschach112

Posted 15 July 2008 - 10:42 AM

Ralphie

Retired Staff
47,710 posts

Hello

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\n71afhv4.default\Cache\259DECABd01
C:\Users\Danny\Music\Danny's Tunes\Goonies Are Good Enough.wma
purity 
EmptyTemp
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Also post a new HijackThis log

#13
papaguy1980

Posted 15 July 2008 - 11:41 AM

New Member

Topic Starter
Member
7 posts

Explorer killed successfully
File/Folder C:\Users\Danny\AppData\Local\Mozilla\Firefox\Profiles\n71afhv4.default\Cache\259DECABd01 not found.
File/Folder C:\Users\Danny\Music\Danny's Tunes\Goonies Are Good Enough.wma not found.
< purity >
< EmptyTemp >
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF41D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF441B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF667A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\~DF668B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Danny\AppData\Local\Temp\hsperfdata_Danny\3240 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080715-185804-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080715-185819-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP000000523C315DB11FEEF157 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07162008_022546

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:55, on 13/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Danny\Downloads\dss(2).exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Danny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9635 bytes

#14
Rorschach112

Posted 15 July 2008 - 01:29 PM

Ralphie

Retired Staff
47,710 posts

Just one thing

Fix this entry with HijackThis

O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - (no file)

Reboot and post a new Hijackthis log

#15
Rorschach112

Posted 20 July 2008 - 08:37 AM

Ralphie

Retired Staff
47,710 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.