Infected with Trojan Agent

This topic is locked. 3 replies to this topic.

#1 Wollemi (Members, 6 posts)

Posted 01 March 2010 - 06:05 AM

Hi, apologies if I have put too much info; in a nutshell, my system appears erratic with file management and file sharing which I had not authorised. A couple of APPCrashes, but mostly hidden files, shared files, undeletables, no access and strange behaviours, icons appearing, disappearing. So far no blank screens or freezes.

Here goes.....

BACKGROUND:

Hard drive partitioned, only using one partition and OS. Only one user profile ‘ecohealthoz’ with administrator rights and lappie only ever used by me. No other user profiles. No local area networks, use dial up connection or occasionally wireless connection from local library (public non-secure network).

Had a few data migrations in the past, previous lappie died, retrieved some files, downgraded Vista to XP last year (successfully) until hard drive failed on exact anniversary of computer 1st start up.
New hard drive and clean install of Vista.
Some files recovered, stored on usb external hard drive or stick, Malwarebytes found a Trojan in a Dreamweaver file on E Drive (removed successfully) and quarantined.


SECURITY:
AVG free 8.5 updated regularly, did not find the Trojan.Agent, picked up by Malwarebytes.
Spybot Search and Destroy
Malwarebytes – recently downloaded it (picked up Trojan.Agent)

The Trojan is quarantined by Malwarebytes but I don’t know what to do now. It was removed successfully from the Lexar device (see logs).

UNUSUAL OCCURRENCES:
There are regular unusual events eg icons disappearing from desktop, a public folder appearing under Users, when I delete it, on next start up it reappears.
This kind of info was in the public folder sub folders:

In public documents:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21801
IconResource=%SystemRoot%\system32\shell32.dll,-235


In public music:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21803


FILE PERMISSIONS/SHARING
The C Drive and everything within it appeared as shared in the properties share box, and I try to unshare it, and it returns as shared, so today I did a system restore back to 17 Feb and it appeared not shared, and after I went online it is now back to shared again!!! I don’t know who or what I am sharing with as there is no share path given.

Eg C: Properties Sharing “Network File and Folder Sharing” C:\ Shared
Network Path: (empty)
Share tab underneath Network Path does not function
Advanced Sharing tab
Share this folder box is unchecked
No other information in this window


There are hidden file attributes to eg C:\Users\ecohealthoz\AppData\Roaming\Microsoft\Windows\Cookies\Low
“ \Local\Microsoft\Windows\Temporary Internet Files (83 files/70 folders)
“ “ \History (10 files/7folders hidden)
The file permissions won’t let me change permissions or access some files or folders (I suspect it is above & beyond the control my boss Vista exerts over my activities, although it’s hard to be sure). I was going to use File Assassin but access has been denied.
Some file attributes are hidden or permissions are shaded and cannot be changed. I have tried taking ownership of files, but without consistent success.


START UP:
I downloaded a Start Up Control Panel program from Mike Lin and used it once and next day it was not visible anywhere in programs of control panel. Only the zip file was still there but if I try to install it, it doesn’t seem to install and does not appear on the control panel or in the programs.

DISK DEFRAG: – unusual message appeared saying something like computer in good condition. It took me a couple of attempts to get the computer to commence a defrag operation by locating and running the Defrag.exe

Temporary Internet Files hidden (eg 70 folders, 83 files) even though I have deleted browsing history.
History: hidden 10 files, 7 folders. Even though have deleted history.

Recycle bin – hidden, had 15 files and 6 folders

C Drive says it is shared, and on properties/security tab says ‘authenticated users’ have special permission in a shaded tick box. The file path is C:\\ECOHEALTHOZPC\Users. I unshared C:\Users once and then it was replaced in the share Comp Management panel below with printer to be shared.


Control Panel/Administrative Tools/ Computer Management (Local) System Tools / Shared Folders / Shares found this:

Share    Folder path   Type      # Client Connections   Description
ADMIN$   C:\W          Windows   0                      Remote Admin
C$       C:\           Windows   0                      Default share
IPC$                   Windows   0                      Remote IPC
Users    C:\Users      Windows   0



1 March. Task Manager Processes shows the following users:
ecohealthoz (my computer name)
SYSTEM
LOCAL SERVICE
NETWORK SERVICE

There were 13 svchost exe processes running, 6 under SYSTEM, 3 under NETWORK SERVICE and 4 under LOCAL SERVICE.

I wonder if the source of the problem is the svchost.

You will notice that I uninstalled and tried to reinstall the Canon printer, as it had appeared as a share when I managed to get the Users to stop sharing in computer management. The drivers would not install properly today, but after today's system restore it's working and printing OK.

TCrdMain.exe is a Toshiba Flash Cards application and it has been crashing and unstable eg.
Toshiba flash cards info 28 Feb 2010-02-28
Problem signature:
Problem Event Name: APPCRASH
Application Name: TCrdMain.exe
Application Version: 1.0.0.19
Application Timestamp: 46529c16
Fault Module Name: mscorwks.dll
Fault Module Version: 2.0.50727.1434
Fault Module Timestamp: 4757b767
Exception Code: 40000015
Exception Offset: 00117d88
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 3081
Additional Information 1: 4d82
Additional Information 2: 76392433620eb146459c4119d62c1e69
Additional Information 3: 51e2
Additional Information 4: 87134ea6c1e2a4de5412c627f93f9661

Problem signature:
Problem Event Name: APPCRASH
Application Name: FINDER.EXE
Application Version: 10.0.2616.0
Application Timestamp: 3a8ef8df
Fault Module Name: StackHash_b282
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c0000374
Exception Offset: 000b015d
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 3081
Additional Information 1: b282
Additional Information 2: a01f905be91c27f263c581ae297f873c
Additional Information 3: 3f7d
Additional Information 4: 1f38a7d899f11478dd0604d964bcb777


Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 21/02/2010 1:28:49 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: ecohealthozPC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-3877609655-4121862383-2237082646-1000:
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\SystemCertificates\trust
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Policies\Microsoft\SystemCertificates
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\Direct3D
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\SystemCertificates\My
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\SystemCertificates\CA
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\SystemCertificates\Root
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3564 (\Device\HarddiskVolume2\Program Files\Toshiba\FlashCards\TCrdMain.exe) has opened key \REGISTRY\USER\S-1-5-21-3877609655-4121862383-2237082646-1000\Software\Microsoft\SystemCertificates\TrustedPeople



AVG REPORT 27 January, 2010
AVG 8.5 Anti-Virus command line scanner
Copyright © 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.375
Virus Database: Version 271.1.1/2645 2010-01-25

(list of locked files that were not tested omitted)

------------------------------------------------------------
Objects scanned : 483952
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------



DDS LOG
DDS (Ver_09-09-29.01) - NTFSx86
Run by ecohealthoz at 18:19:03.47 on Mon 01/03/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2038.846 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\CTsvcCDA.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Temp\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\dfrgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\ecohealthoz\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\temp\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\temp\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-15 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-15 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-15 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\temp\spybot - search & destroy\SDWinSec.exe [2009-9-30 1153368]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-11-7 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-5-30 252416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-15 135664]

=============== Created Last 30 ================

2010-03-01 13:29 <DIR> --d----- c:\programdata\CanonBJ(343)
2010-03-01 13:29 <DIR> --d----- c:\progra~2\CanonBJ(343)
2010-03-01 13:04 <DIR> --d----- c:\program files\CanonBJ(285)
2010-02-15 23:00 81,920 a------- c:\windows\system32\Startup.cpl

==================== Find3M ====================

2010-02-13 17:28 113,568 a------- c:\users\ecohea~1\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-13 16:40 174 a--sh--- c:\program files\desktop.ini
2009-10-13 16:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-13 16:38 86,016 a------- c:\windows\inf\infstor.dat
2009-10-13 16:38 51,200 a------- c:\windows\inf\infpub.dat
2009-10-13 16:22 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 23:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 23:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 23:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 23:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 20:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 20:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 20:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 20:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-10-11 10:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101120091012\index.dat
2009-10-13 11:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101320091014\index.dat
2009-11-15 21:57 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111520091116\index.dat

============= FINISH: 18:20:08.57 ===============


ROOT REPEAL LOG


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/01 18:32
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8C740000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8C74B000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA73CD000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\ProgramData\Desktop
Status: Locked to the Windows API!

Path: C:\ProgramData\Documents
Status: Locked to the Windows API!

Path: C:\ProgramData\Favorites
Status: Locked to the Windows API!

Path: C:\ProgramData\Templates
Status: Locked to the Windows API!

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_c9dd3cb0e555217c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_9f63b3c292618dec.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\3582cf91bea0e0e7b5f4b8a168a2e4bf248a01f764aa3c5d7c4f352ebc681e9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4bde3906e1ad59953a7d8592ff3860dd7fadc4e12abe4b5c828645390461a3aa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f3c343567eb07e928a24a5c8b8bf732a5523d0acd4762015ba309f48255a5baf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\70f19edeeb8e3329aad18f744094ea0319d2ecc78dd6a12559a1e765c42418f7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\df4c00155bfca5da82320089743bb386e8df43312c8d8b8112418980a2440f2d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4a4e6de1088e614f7694727d621129512819bdecdb46cc6ebb7c1f192dfe380e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\9f4b272407008a230979f286064e895aa72cac13cd57d536a67ea34c9dd91a2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6000.16386_none_79adacdc3df77f81\$$DeleteMe.fundisc.dll.01ca4bc58968de73.0060
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.0.6000.16386_none_318fc418263bf156\$$DeleteMe.pcadm.dll.01ca4bc600a6bf73.00ef
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.0.6000.16386_none_318fc418263bf156\$$DeleteMe.pcasvc.dll.01ca4bc5d05656f3.00a5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6000.16386_none_3fd3e2bdc5a2408e\$$DeleteMe.SmartcardCredentialProvider.dll.01ca4bc5d91644d3.00b2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_d2da41c24fcec5ef\$$DeleteMe.apphelp.dll.01ca4bc5f3cf7493.00db
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..es-interface-router_31bf3856ad364e35_6.0.6000.16386_none_55bf44ac819e1c73\$$DeleteMe.activeds.dll.01ca4bc57f9bf533.004e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6000.16386_none_48178a2ae8c70f33\$$DeleteMe.wdmaud.drv.01ca4bc5a54dfb73.007e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8945d572a01e6a1a\$$DeleteMe.authui.dll.mui.01ca4bc62a858f13.010f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_6.0.6000.16386_none_5cfbb23d699248a8\$$DeleteMe.adsldpc.dll.01ca4bc589348033.005f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1652b637b3e9dec3\$$DeleteMe.advapi32.dll.mui.01ca4bc62cebb1d3.0119
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6000.16386_none_e1118fae8996a7dc\$$DeleteMe.advapi32.dll.01ca4bc5658965b3.0035
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16386_none_a8e97dca5cc75c13\$$DeleteMe.atl.dll.01ca4bc5daed9513.00b4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.audiodg.exe.01ca4bc566f0d553.0036
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.AudioEng.dll.01ca4bc5b4f8e853.008d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.AUDIOKSE.dll.01ca4bc5a48acab3.007d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.AudioSes.dll.01ca4bc5d6072073.00ad
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.audiosrv.dll.01ca4bc5f0aae3d3.00d3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_6.0.6000.16386_none_deaec722e41e5e07\$$DeleteMe.msacm32.dll.01ca4bc54452b633.0017
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6000.16386_none_b3a8fa3e54c50ab3\$$DeleteMe.winmm.dll.01ca4bc5e9ded6b3.00c5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16513_none_0a056d7cf846bbd5\$$DeleteMe.authui.dll.01ca4bc5cbee0b33.009d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6000.16386_none_635c5092764d99de\$$DeleteMe.LogonUI.exe.01ca4bc5c4f26293.0096
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6000.16386_none_8ac7060813a4d0d2\$$DeleteMe.midimap.dll.01ca4bc5d5608033.00aa
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6000.16386_none_8ac7060813a4d0d2\$$DeleteMe.msacm32.drv.01ca4bc608eae5d3.00fa
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-basesrv_31bf3856ad364e35_6.0.6000.16386_none_0a9428d9e6cfbcfc\$$DeleteMe.basesrv.dll.01ca4bc526ee5bd3.000d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\$$DeleteMe.qmgr.dll.01ca4bc5ad948333.0088
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-igdsearcher_31bf3856ad364e35_6.0.6000.16386_none_af357b0d92153e84\$$DeleteMe.bitsigd.dll.01ca4bc5a754e733.0081
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6000.16386_none_76b264bda1136499\$$DeleteMe.browser.dll.01ca4bc586f6d4d3.005b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\$$DeleteMe.es.dll.01ca4bc5efc3fe73.00d2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6000.16386_none_d4dab19871ad5771\$$DeleteMe.diagperf.dll.01ca4bc6061e67f3.00f4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cabinet_31bf3856ad364e35_6.0.6000.16386_none_35088f20e500a372\$$DeleteMe.cabinet.dll.01ca4bc5ebe36113.00c8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cbsapi_31bf3856ad364e35_6.0.6000.16386_none_4c2b1119f37be620\$$DeleteMe.CbsApi.dll.01ca4bc1b2aaa76d.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6000.16386_none_a797884c5d9fcdc5\$$DeleteMe.cmiv2.dll.01ca4bc61e065713.0109
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6000.16386_none_a9e6e55ff5664fb0\$$DeleteMe.ole32.dll.01ca4bc592f32133.006f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6000.16470_none_2320546141637f8f\$$DeleteMe.imagehlp.dll.01ca4bc5f555d613.00e0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16386_none_74cae93a3000e831\$$DeleteMe.cfgmgr32.dll.01ca4bc23721b465.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16386_none_74cae93a3000e831\$$DeleteMe.umpnpmgr.dll.01ca4bc236895c65.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23\$$DeleteMe.cfgmgr32.dll.01ca4bc5adea34b3.0089
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23\$$DeleteMe.umpnpmgr.dll.01ca4bc5f8ffb3d3.00e6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6000.16386_none_d9008ac592026334\$$DeleteMe.credui.dll.01ca4bc53db3e333.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptdll-dll_31bf3856ad364e35_6.0.6000.16386_none_0367c3eab0da6051\$$DeleteMe.cryptdll.dll.01ca4bc5cfaaf3f3.00a2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\$$DeleteMe.cryptsvc.dll.01ca4bc5910d88b3.006a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.0.6000.16445_none_c77ab655a8530501\$$DeleteMe.csrsrv.dll.01ca4bc52602b3b3.000a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\$$DeleteMe.crypt32.dll.01ca4bc5e0ecebf3.00b9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6000.16386_none_56ad21dbe72a9d78\$$DeleteMe.csrss.exe.01ca4bc5256cbd13.0008
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.0.6000.16386_none_39c1f98787f99c82\$$DeleteMe.dssenh.dll.01ca4bc605c8b673.00f3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6000.16386_none_9adace8ff858851e\$$DeleteMe.WUDFPlatform.dll.01ca4bc59ad0ec73.0073
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6000.16386_none_9adace8ff858851e\$$DeleteMe.WUDFSvc.dll.01ca4bc5624381b3.002e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6000.16386_none_cca68469f44b4003\$$DeleteMe.ntdsapi.dll.01ca4bc57d1941f3.004d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6000.16386_none_8b6cd218c046ea63\$$DeleteMe.uxsms.dll.01ca4bc5f593b9d3.00e1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69\$$DeleteMe.dpx.dll.01ca4bc5d00eedb3.00a3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\$$DeleteMe.dhcpcsvc.dll.01ca4bc5f5e24733.00e2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\$$DeleteMe.dhcpcsvc6.dll.01ca4bc54c1b1513.0019
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\$$DeleteMe.dnsapi.dll.01ca4bc55dca8c53.0029
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\$$DeleteMe.dnsrslvr.dll.01ca4bc584174bf3.0055
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_afb79761a4097d90\$$DeleteMe.samlib.dll.01ca4bc5aadfd313.0083
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_afb79761a4097d90\$$DeleteMe.samsrv.dll.01ca4bc562fd2cf3.002f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-duser_31bf3856ad364e35_6.0.6000.16386_none_583dec4cff8f7125\$$DeleteMe.duser.dll.01ca4bc5fd197233.00ec
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6000.16386_none_61dcc930c67f1797\$$DeleteMe.eappcfg.dll.01ca4bc54cbcf293.001b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6000.16386_none_61dcc930c67f1797\$$DeleteMe.eapphost.dll.01ca4bc605482c33.00f2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6000.16386_none_61dcc930c67f1797\$$DeleteMe.eappprxy.dll.01ca4bc5bcb56053.0091
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.0.6000.16386_none_efad84e52f20ae35\$$DeleteMe.esent.dll.01ca4bc5cf01f253.00a0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_6.0.6000.16386_none_881325e50132ff36\$$DeleteMe.eapsvc.dll.01ca4bc5c8e60af3.009b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6000.16386_none_1e3ff01a08f92b15\$$DeleteMe.wer.dll.01ca4bc5992474f3.0070
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\$$DeleteMe.Faultrep.dll.01ca4bc5d75b8513.00b0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6000.16386_none_a9fa4020685f2193\$$DeleteMe.wevtapi.dll.01ca4bc54ddf5a53.001d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6000.16386_none_da8d9a1e15ee1eb0\$$DeleteMe.wevtsvc.dll.01ca4bc565256bf3.0032
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6000.16386_none_a4186fca55bd3a26\$$DeleteMe.clusapi.dll.01ca4bc5a04d57b3.0077
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6000.16386_none_a4186fca55bd3a26\$$DeleteMe.resutils.dll.01ca4bc5d5baf473.00ac
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6000.16386_none_bca34f2f5aa9c40c\$$DeleteMe.feclient.dll.01ca4bc5fbc9d053.00e9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6000.16386_none_7795316593fa8ed5\$$DeleteMe.wersvc.dll.01ca4bc5da364b33.00b3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16766_none_575d8f704c563751\$$DeleteMe.gdi32.dll.01ca4bc5e03f2793.00b8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16386_none_a79c567c5d9b4c78\$$DeleteMe.lpk.dll.01ca4bc5fc3e73b3.00eb
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6000.16386_none_25ec9fe2ea179531\$$DeleteMe.gpapi.dll.01ca4bc5ac936eb3.0087
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6000.16386_none_25ec9fe2ea179531\$$DeleteMe.gpsvc.dll.01ca4bc5e916e333.00c3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6000.16386_none_9c552a52f9cf5068\$$DeleteMe.emdmgmt.dll.01ca4bc5e205ce33.00ba
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.16386_none_f3757b03a060c8ff\$$DeleteMe.httpapi.dll.01ca4bc5f334bb33.00d9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16512_none_b2f407f7d9a9abda\$$DeleteMe.urlmon.dll.01ca4bc5e86b8033.00c0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.0.6000.16386_none_68816eddac5ab0fd\$$DeleteMe.locale.nls.01ca4bc6083d2173.00f7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_0ffdd2907f32f6e5\$$DeleteMe.iphlpsvc.dll.01ca4bc52560d633.0007
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16512_none_fff9e399a4b2d26d\$$DeleteMe.wininet.dll.01ca4bc5c75d4813.0099
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-icm-base_31bf3856ad364e35_6.0.6000.16386_none_209128588c782871\$$DeleteMe.mscms.dll.01ca4bc5ac721b73.0086
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16386_none_456ce85d8f991f6f\$$DeleteMe.iertutil.dll.01ca4bc5a5741173.007f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16386_none_456ce85d8f991f6f\$$DeleteMe.sqmapi.dll.01ca4bc55f9132f3.002b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\$$DeleteMe.imm32.dll.01ca4bc577df7d33.0045
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6000.16386_none_0143bc2fb699ae2d\$$DeleteMe.msi.dll.01ca4bc561c09613.002c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imageanalysis_31bf3856ad364e35_6.0.6000.16386_none_462555be2d3821c7\$$DeleteMe.dbghelp.dll.01ca4bc58ca2db93.0066
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3ae40182285968c3\$$DeleteMe.kernel32.dll.mui.01ca4bc62c8a1973.0117
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\$$DeleteMe.kernel32.dll.01ca4bc576e7ee33.0044
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6000.16386_none_f105859b5980a307\$$DeleteMe.Wldap32.dll.01ca4bc5abecce73.0085
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lpksetup_31bf3856ad364e35_6.0.6000.16386_none_1f229f0d6f8d6648\$$DeleteMe.lpksetup.exe.01ca4bc57611b273.0043
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8471125599b04653\$$DeleteMe.lsasrv.dll.mui.01ca4bc62c7bd133.0116
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6000.16386_none_52cd819bbc76c9b6\$$DeleteMe.MMDevAPI.dll.01ca4bc6008ef1b3.00ee
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6000.16386_none_11d5c2f056198a65\$$DeleteMe.mprapi.dll.01ca4bc53fb14973.0015
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6000.16386_none_ab9f07765b0640cd\$$DeleteMe.mpr.dll.01ca4bc58d9ccbf3.0068
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6000.16386_none_c50bb8527b8263e8\$$DeleteMe.adtschema.dll.01ca4bc5dc445b13.00b6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msidle_31bf3856ad364e35_6.0.6000.16386_none_c94b1adea5bbd576\$$DeleteMe.msidle.dll.01ca4bc54c83d193.001a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6000.16386_none_cf1e7424a1fb0cd9\$$DeleteMe.msvcrt.dll.01ca4bc5a3f272b3.007c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\$$DeleteMe.msxml3.dll.01ca4bc5efb354d3.00d1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\$$DeleteMe.msxml3r.dll.01ca4bc55aa138d3.0028
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\$$DeleteMe.FwRemoteSvr.dll.01ca4bc5bc5faed3.0090
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6000.16705_none_422d3c83eeda2955\$$DeleteMe.IPSECSVC.DLL.01ca4bc59cfdee33.0074
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.0.6000.16386_en-us_4bff07e547a87678\$$DeleteMe.bfe.dll.mui.01ca4bc6292c67b3.010c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_a9e67ecc9245d5ec\$$DeleteMe.NapiNSP.dll.01ca4bc54e8137d3.001f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_5ba79395f4b0fdcf\$$DeleteMe.ncrypt.dll.01ca4bc5c6f22a33.0098
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6000.16517_none_3c2ad8f2286305c8\$$DeleteMe.netcfgx.dll.01ca4bc5a63e6653.0080
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.16764_none_8b10fff30496576a\$$DeleteMe.netapi32.dll.01ca4bc5ec391293.00cb
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.16386_none_caedaded2d9fc735\$$DeleteMe.BFE.DLL.01ca4bc5241ab9d3.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.16386_none_caedaded2d9fc735\$$DeleteMe.FWPUCLNT.DLL.01ca4bc5232f11b3.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.16386_none_caedaded2d9fc735\$$DeleteMe.IKEEXT.DLL.01ca4bc526d8ef73.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6000.16386_none_76648f5e793ab701\$$DeleteMe.netprofm.dll.01ca4bc57b9ec753.0049
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6000.16386_none_56a01c45ff429

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1312 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: IEToolbar.dll]
Process: IEXPLORE.EXE (PID: 3780) Address: 0x03b70000 Size: 2596864

==EOF==

Attached Files
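As an added example (not code from the scanner, from the thread, or from BleepingComputer), here is a small triage script for logs in the shape posted above. It parses the `Key: value` records and the section headings (`Processes`, `Stealth Objects`), then sorts entries into three buckets: locations a defender would normally expect to see locked (the System Volume Information restore area, WinSxS catalogs and manifests, `$$DeleteMe` servicing leftovers awaiting a reboot, and the kernel `System` pseudo-process; these rules are my assumptions about how Windows uses those locations, not statements from the thread), stealth-object entries that warrant investigation, and everything else for manual review. The sample log is constructed from a few records of the thread; the heading of the leading file block is not visible in this part of the page, so it is labelled `Files` here.

```python
"""Triage helper for scan logs in the shape of the one posted above.

Added example, not the scanner's own code and not the poster's. The log
format as visible in the thread: records of "Key: value" lines separated
by blank lines, sections introduced by a heading plus a dashed underline
("Processes", "Stealth Objects"), and "==EOF==" at the end. The heading
of the leading file block is not visible, so it is labelled "Files".
"""
import re
from collections import defaultdict

# Constructed sample: a few representative records shaped like the
# thread's entries (the real log runs to several hundred lines).
SAMPLE_LOG = r"""
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6000.16386_none_e1118fae8996a7dc\$$DeleteMe.advapi32.dll.01ca4bc5658965b3.0035
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1312 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: IEToolbar.dll]
Process: IEXPLORE.EXE (PID: 3780) Address: 0x03b70000 Size: 2596864

==EOF==
"""

# "Key: value" pairs; several may share one line ("PID: 4 Status: ...").
# A following key must be preceded by whitespace, so "(PID: 3780)" and
# "[Name: ...]" inside a value are not split off.
KV_RE = re.compile(r"(\w+): (.*?)(?=\s\w+: |$)")
RULE_RE = re.compile(r"-{3,}")


def parse_log(text):
    """Return one dict per record: {'section': ..., 'Path': ..., ...}."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    records, current, section = [], {}, "Files"

    def flush():
        nonlocal current
        if current:
            records.append(current)
            current = {}

    for i, line in enumerate(lines):
        if not line or line == "==EOF==" or RULE_RE.fullmatch(line):
            flush()
            continue
        if i + 1 < len(lines) and RULE_RE.fullmatch(lines[i + 1]):
            flush()
            section = line  # heading followed by a dashed underline
            continue
        pairs = KV_RE.findall(line)
        if pairs:
            if not current:
                current = {"section": section}
            current.update(pairs)
    flush()
    return records


def _path(rec):
    return rec.get("Path", "").lower()


# Entries a defender would normally expect to see locked. These rules are
# assumptions about how Windows uses these locations, not from the thread.
EXPECTED = [
    ("system restore area, access-restricted by design",
     lambda r: _path(r).startswith("c:\\system volume information\\")),
    ("component-store catalog or manifest",
     lambda r: "\\winsxs\\catalogs\\" in _path(r) or "\\winsxs\\manifests\\" in _path(r)),
    ("servicing leftover awaiting reboot ($$DeleteMe.*)",
     lambda r: "\\winsxs\\" in _path(r) and "\\$$deleteme." in _path(r)),
    ("kernel pseudo-process",
     lambda r: r["section"] == "Processes" and r.get("Path") == "System" and r.get("PID") == "4"),
]


def classify(rec):
    """'investigate' for stealth objects, 'expected: ...' for known-benign
    locations, otherwise 'review' (unclassified, not necessarily malicious)."""
    if rec["section"] == "Stealth Objects":
        return "investigate"
    for label, matches in EXPECTED:
        if matches(rec):
            return "expected: " + label
    return "review"


def triage(text):
    """Group parsed records by classification."""
    buckets = defaultdict(list)
    for rec in parse_log(text):
        buckets[classify(rec)].append(rec)
    return buckets


if __name__ == "__main__":
    for label, recs in sorted(triage(SAMPLE_LOG).items()):
        print(f"{label}: {len(recs)}")
        for rec in recs:
            print("   ", rec.get("Object") or rec.get("Path"), rec.get("Process", ""))
```

Run as-is it prints a per-category summary. `review` means only that no rule matched, so a locked `audiodg.exe` lands there without being called malicious; the point is to shrink a multi-hundred-line log to the handful of entries worth a person's time, with the hidden-module entry always surfaced first.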



#2 Wollemi (Topic Starter, Members, 6 posts)

Posted 01 March 2010 - 10:14 PM

It's Wollemi again. I forgot to mention that AVG is acting strange with updates, and a web search revealed this can occur. I tried to delete AVG and re-install AVG 9 but both failed, and the AVG removal tool did not work either.
Found a stub.exe running in the task manager while trying to download AVG.

#3 Wollemi (Topic Starter, Members, 6 posts)

Posted 02 March 2010 - 10:35 AM

Hi Bleep techies, I decided that I would go for a clean install, so if you get my post, please ignore it and consider it fixed. My computer has been more and more unstable and I reckon it would be a headache to keep on trying to sort it. I've backed up and am ready to go!! In advance, thank you to all on this site because it is so good to feel somewhere out there wants to share their knowledge and to help others. Cheers Woll

#4 Elise (Bleepin' Blonde; Malware Study Hall Admin, 61,087 posts; Gender: Female; Location: Romania)

Posted 05 March 2010 - 08:02 AM

Since this issue seems to be fixed, this topic will now be closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft




