Virtumonde maybe?
I'm more than positive I have the Virtumonde virus, but here is the hijack log. The Kaspersky log is kinda big, but I can post it if you need it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:50 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60BB94A9-B660-4A4C-AAAF-D32D29DF7745} - (no file)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\vtutuss.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {e070d6d9-fe67-4238-9438-6df4cf0526cc} - (no file)
O2 - BHO: (no name) - {E9DA0DBC-0518-4004-9CDC-26DBF78D2507} - C:\WINDOWS\system32\CTSFINS.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{28DB0B09-0A28-1033-0507-031219050001}] "C:\Program Files\Common Files\{28DB0B09-0A28-1033-0507-031219050001}\Update.exe" mc-110-12-0002400 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{28DB0B09-0A28-1033-0507-031219050001}] "C:\Program Files\Common Files\{28DB0B09-0A28-1033-0507-031219050001}\Update.exe" mc-110-12-0002400 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O20 - Winlogon Notify: fwcdev - fwcdev.dll (file missing)
O20 - Winlogon Notify: vtutuss - C:\WINDOWS\SYSTEM32\vtutuss.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6563 bytes
Any help is greatly appreciated.
Hi tbrooks
Yes, post that Kaspersky report next, please :)
KASPERSKY ONLINE SCANNER REPORT
Monday, October 22, 2007 11:07:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/10/2007
Kaspersky Anti-Virus database records: 442991
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects: 103527
Number of viruses found: 27
Number of infected objects: 61
Number of suspicious objects: 0
Duration of the scan process: 01:29:50
Infected Object Name | Virus Name | Last Action
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\A0018822.exe.bac_a01004
Infected: not-a-virus:AdTool.Win32.Zango.b skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\A0025603.dll.bac_a01004
Infected: not-a-virus:AdWare.Win32.TrafficSol.j skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\A0026603.dll.bac_a01004
Infected: not-a-virus:AdWare.Win32.TrafficSol.l skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\A0027609.exe.bac_a01004
Infected: Trojan.Win32.Agent.bur skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\A0027632.dll.bac_a01004
Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\isinst.exe.bac_a01004
Infected: Trojan-Downloader.Win32.IstBar.pu skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\nsf4F3.tmp.bac_a01004
Infected: not-a-virus:AdWare.Win32.Agent.dy skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\samyca22011.ex_.bac_a01004
Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\SET1BC.tmp.bac_a01004
Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\SET1BE.tmp.bac_a01004
Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\SET50F.tmp.bac_a01004
Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\SET511.tmp.bac_a01004
Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\Setup(4).exe.bac_a01004
Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\Setup(5).exe.bac_a01004
Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\Setup(6).exe.bac_a01004
Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\snapsnet.exe.bac_a01004/data0005
Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\snapsnet.exe.bac_a01004
NSIS: infected - 1 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\snapsnet.exe.bac_a01004
CryptFF.b: infected - 1 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\temp.exe.bac_a01004/EXE-file
Infected: Trojan-Downloader.Win32.ConHook.bg skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\temp.exe.bac_a01004
Embedded EXE: infected - 1 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\temp.exe.bac_a01004
CryptFF.b: infected - 1 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\thinksnet.exe.bac_a01004
Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\vtutuss.dll.bac_a01004
Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\winaspsnet.exe.bac_a01004
Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\yazzlesnet.exe.bac_a01004/data0002
Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\yazzlesnet.exe.bac_a01004
NSIS: infected - 1 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\yazzlesnet.exe.bac_a01004
CryptFF.b: infected - 1 skipped
C:\Documents and
Settings\Administrator\.housecall6.6\Quarantine\~fd43563.tmp.bac_a01004
Infected: Trojan.Win32.Kolweb.m skipped
C:\Documents and Settings\Administrator\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\cert8.db Object is locked
skipped
C:\Documents and Settings\Administrator\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\history.dat Object is
locked skipped
C:\Documents and Settings\Administrator\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\key3.db Object is locked
skipped
C:\Documents and Settings\Administrator\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\parent.lock Object is
locked skipped
C:\Documents and Settings\Administrator\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\search.sqlite Object is
locked skipped
C:\Documents and Settings\Administrator\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\urlclassifier2.sqlite
Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked
skipped
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\Cache\_CACHE_001_ Object is
locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\Cache\_CACHE_002_ Object is
locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\Cache\_CACHE_003_ Object is
locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application
Data\Mozilla\Firefox\Profiles\ukucx7du.default\Cache\_CACHE_MAP_ Object is
locked skipped
C:\Documents and Settings\Administrator\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bisE47.exe
Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\k11u72.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj
skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\k11u72.exe
NSIS: infected - 1 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\s19g/stream/data0004 Infected:
not-a-virus:AdWare.Win32.TrafficSol.l skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\s19g/stream
Infected: not-a-virus:AdWare.Win32.TrafficSol.l skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\s19g NSIS:
infected - 2 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\setup.exe/stream/data0003 Infected:
not-a-virus:AdWare.Win32.Agent.dy skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\setup.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.dy
skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe
NSIS: infected - 2 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\setup_rightonadz.exe/stream/data0004 Infected:
not-a-virus:AdWare.Win32.TrafficSol.h skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\setup_rightonadz.exe/stream Infected:
not-a-virus:AdWare.Win32.TrafficSol.h skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\setup_rightonadz.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\TIP2D002.exe
Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\whCC-TRAFE5.exe/data.rar/whAgent.exe Infected:
not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\whCC-TRAFE5.exe/data.rar/whInstaller.exe Infected:
not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\whCC-TRAFE5.exe/data.rar/webhdll.dll Infected:
not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\whCC-TRAFE5.exe/data.rar/whiehlpr.dll Infected:
not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\whCC-TRAFE5.exe/data.rar Infected:
not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Administrator\Local
Settings\Temp\whCC-TRAFE5.exe RarSFX: infected - 5 skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet
Files\Content.IE5\EHNSD1KI\CAG9ENC5 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked
skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked
skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
skipped
C:\Program Files\Common
Files\{28DB0B09-0A28-1033-0507-031219050001}\system.dll Infected:
not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\Program Files\Common
Files\{28DB0B09-0A28-1033-0507-031219050001}\Update.exe Object is locked
skipped
C:\Program Files\Common
Files\{38DB0B09-0A28-1033-0507-031219050001}\888Bar.dll Infected:
not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\RECYCLER\S-1-5-18\Dc1\system.dll Infected:
not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc2\system.dll Infected:
not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc3\system.dll Infected:
not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
C:\System Volume
Information\_restore{40F988E6-8080-4513-8BB7-3BEB7697D4C0}\RP1\A0000003.exe
Infected: Trojan-Downloader.Win32.Agent.boa skipped
C:\System Volume
Information\_restore{40F988E6-8080-4513-8BB7-3BEB7697D4C0}\RP1\A0000004.dll
Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume
Information\_restore{40F988E6-8080-4513-8BB7-3BEB7697D4C0}\RP1\A0000005.dll
Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume
Information\_restore{40F988E6-8080-4513-8BB7-3BEB7697D4C0}\RP1\change.log
Object is locked skipped
C:\VundoFix Backups\tmp1BC.tmp.dll.bad Infected:
not-a-virus:AdWare.Win32.Virtumonde.acp skipped
C:\VundoFix Backups\vtutuss.dll.bad Infected:
not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\plite731.ex_ Infected: not-a-virus:AdWare.Win32.Agent.lv
skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\awtqn.dll Object is locked skipped
C:\WINDOWS\system32\awtqp.dll Object is locked skipped
C:\WINDOWS\system32\awvtr.dll Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddaba.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jkhfe.dll Object is locked skipped
C:\WINDOWS\system32\jkhhi.dll Object is locked skipped
C:\WINDOWS\system32\mllji.dll Object is locked skipped
C:\WINDOWS\system32\ssqpp.dll Object is locked skipped
C:\WINDOWS\system32\ssqrq.dll Object is locked skipped
C:\WINDOWS\system32\vturo.dll Object is locked skipped
C:\WINDOWS\system32\vtutuss.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052193.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052194.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052195.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052196.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052197.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052198.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052199.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052200.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052203.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052204.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052839.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052866.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052869.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052956.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052957.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052958.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052959.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052960.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052961.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052962.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052963.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052964.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052965.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052966.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052986.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052987.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052988.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052989.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052990.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052991.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP396\A0052992.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053870.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053873.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053874.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053875.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053879.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053880.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053881.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053882.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053883.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053884.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053885.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053886.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053887.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053888.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053889.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053890.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053891.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053892.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053893.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053894.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053895.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053896.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053897.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053898.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053899.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053900.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053901.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053902.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053903.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053904.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053905.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053906.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053907.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053908.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053909.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053910.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053911.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053912.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053913.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053914.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053915.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053916.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053917.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053918.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053919.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053920.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053921.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053922.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053923.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053924.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053925.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053926.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053927.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053928.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053929.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053930.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053958.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053960.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0053961.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0054869.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0054898.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0054902.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP397\A0054903.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054906.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054910.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054938.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054939.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054940.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054941.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054942.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP398\A0054943.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054960.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054961.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054962.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054963.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054964.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054965.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054966.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054967.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054968.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054969.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054970.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054971.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0054974.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055005.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055007.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055008.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055010.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055011.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055012.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055013.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055014.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055015.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055016.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055017.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055018.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055019.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP399\A0055020.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP400\A0055050.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055051.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055052.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055054.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055055.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055058.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055088.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055089.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055090.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055091.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055093.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055094.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055095.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055096.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055097.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055098.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055099.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055100.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055101.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055103.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055104.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP401\A0055105.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055135.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055136.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055182.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055183.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055184.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055185.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055186.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055187.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055188.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055189.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055190.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055191.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055192.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055193.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055194.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055196.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055197.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055198.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055259.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055260.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055261.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055262.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055263.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP402\A0055264.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055269.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055270.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055271.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055272.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055273.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055274.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055275.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055276.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055277.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055279.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055280.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055281.ini
Object is locked skipped
F:\System Volume Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP403\A0055285.dll
Infected: not-a-virus:AdWare.Win32.HotBar.cc skipped
F:\System Volume Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP404\A0055356.dll
Infected: not-a-virus:AdWare.Win32.HotBar.cc skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP406\A0055521.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP406\A0055522.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP406\A0055523.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055525.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055528.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055529.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055532.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055536.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055539.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055540.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0055541.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056535.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056537.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056539.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056540.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056541.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056542.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056543.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056544.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056545.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056546.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056547.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056548.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056549.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056550.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056551.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056552.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056553.LNK
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056554.LNK
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056555.LNK
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056556.LNK
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056557.LNK
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056558.LNK
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056559.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056560.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056561.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP407\A0056562.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056565.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056566.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056567.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056584.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056586.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056587.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056588.exe
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056630.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP408\A0056658.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056660.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056661.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056691.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056701.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056702.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056703.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056704.irs
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056707.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056708.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056709.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056710.properties
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056712.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056713.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056714.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056715.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056718.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056720.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056723.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056725.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056729.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056730.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056734.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056735.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056738.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056740.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056743.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP409\A0056745.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0056773.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0056776.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0056779.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0056780.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0056781.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0056782.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0057744.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0057745.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0057746.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0057747.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0057750.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0057751.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP410\A0057752.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057754.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057757.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057758.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057759.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057760.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057761.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057762.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057763.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057764.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057765.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057766.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057767.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP411\A0057768.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057769.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057773.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057774.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057775.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057776.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057777.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057778.irs
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057779.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057780.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057783.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057788.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057789.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057790.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057793.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057795.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057796.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057797.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057798.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP412\A0057799.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057803.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057806.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057807.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057809.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057810.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057811.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057812.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057813.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057814.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057815.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057816.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057817.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057818.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057819.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057821.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP413\A0057822.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057824.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057827.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057828.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057830.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057831.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057832.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057833.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057834.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057835.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057836.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057837.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057838.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057839.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057840.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057841.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057842.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057843.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057844.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057845.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057846.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057847.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057848.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057849.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057850.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057851.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057852.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057853.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057854.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057855.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057857.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057858.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057859.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057860.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP414\A0057861.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057868.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057869.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057870.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057871.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057872.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057873.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057874.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057875.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057876.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057877.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057878.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057879.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057880.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057881.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057882.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057883.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057884.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057885.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057886.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057887.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057888.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057942.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057943.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057944.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057945.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057946.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057947.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057948.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057949.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057950.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057951.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057952.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057953.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057954.dll
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP415\A0057956.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP416\A0057959.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP416\A0057987.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057990.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057991.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057992.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057993.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057994.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057995.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057996.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057997.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057998.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0057999.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058000.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058004.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058005.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058006.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058007.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058008.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058009.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP417\A0058010.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058012.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058013.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058014.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058015.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058016.psp
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058017.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058018.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058021.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP418\A0058022.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058024.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058051.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058052.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058053.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058054.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058055.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058056.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0058059.lnk
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0059793.ini
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0059795.mfl
Object is locked skipped
F:\System Volume
Information\_restore{178EDF31-C9E7-4B39-9FD2-6F7723488B69}\RP419\A0059798.ini
Object is locked skipped
Scan process completed.
Hi
1. Download combofix from one of these links and save it to Desktop:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Post:
- a fresh HijackThis log
- combofix report
ComboFix 07-10-23.1 - Administrator 2007-10-24 18:52:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Program Files\Common Files\{28DB0~1\system.dll
C:\Program Files\Common Files\{28DB0~1\Update.exe
C:\Program Files\Common Files\{38DB0~1\888Bar.dll
C:\Temp\1cb\syscheck.log
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\dn28db0b09.dat
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vtutuss.dll
C:\WINDOWS\system32\wcpsvit32.exe
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.tmp
.
---- Previous Run -------
.
C:\check_LSA7.txt
C:\Program Files\Common Files\{28DB0~1
C:\Program Files\Common Files\{28DB0~1\system.dll
C:\Program Files\Common Files\{28DB0~1\Update.exe
C:\Program Files\Common Files\{38DB0~1
C:\Program Files\Common Files\{38DB0~1\888Bar.dll
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\dobe~1
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\dn28db0b09.dat
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vtutuss.dll
C:\WINDOWS\system32\wcpsvit32.exe
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_DOMAINSERVICE
-------\Client IP-IPX
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 18:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 23:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 20:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-22 19:46 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-19 18:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-19 18:03 <DIR> d-------- C:\Program Files\Real
2007-10-19 18:03 <DIR> d-------- C:\Program Files\Common Files\Real
2007-10-18 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-10-15 19:03 <DIR> d-------- C:\WINDOWS\usb-audio.deBehringer2902
2007-10-15 19:03 110,272 -ra------ C:\WINDOWS\system32\drivers\BUSB2902.sys
2007-10-15 18:59 <DIR> d-------- C:\Program Files\Native Instruments
2007-10-15 18:59 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-15 18:59 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-15 18:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-15 18:59 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-15 18:59 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-10-15 18:59 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-14 21:43 <DIR> d-------- C:\Program Files\Snes9x
2007-10-14 21:43 216,064 --a------ C:\WINDOWS\iun3405.exe
2007-10-07 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Legends of pirates
2007-10-06 10:14 <DIR> d-------- C:\Program Files\Easy Music Composer Free
2007-10-02 22:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2007-09-29 17:52 108,117 --a------ C:\WINDOWS\system32\CTSFINS.dll
2007-09-26 01:21 <DIR> d-------- C:\Program Files\Nanny Mania
2007-09-26 01:17 <DIR> d-------- C:\Program Files\Cake Mania
2007-09-26 01:06 <DIR> d-------- C:\Program Files\Big City Adventure - San Francisco
2007-09-26 00:55 <DIR> d-------- C:\Program Files\Cake Mania 2
2007-09-24 17:03 <DIR> d-------- C:\VundoFix Backups
2007-09-24 15:19 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-24 15:16 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 23:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-10-23 00:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-18 03:07 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-09-27 00:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PlayFirst
2007-09-23 03:12 --------- d-----w C:\Program Files\Starcraft
2007-09-23 01:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-23 01:31 --------- d-----w C:\Program Files\Chocolatier
2007-09-22 22:46 --------- d-----w C:\Program Files\ReflexiveArcade
2007-09-22 15:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Jane s Hotel
2007-09-21 18:11 --------- d-----w C:\Program Files\LimeWire
2007-09-20 21:52 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-09-20 19:54 --------- d-----w C:\Program Files\VDMSound
2007-09-19 21:42 --------- d-----w C:\Program Files\QuickTime
2007-09-17 12:00 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2007-09-13 12:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sibelius Software
2007-09-13 12:20 --------- d-----w C:\Program Files\Sibelius Software
2007-09-11 05:32 --------- d-----w C:\Program Files\bfgclient
2007-09-10 02:30 --------- d-----w C:\Program Files\Virtual Villagers - The Lost Children
2007-09-07 21:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sandlot Games
2007-09-06 05:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-06 05:59 --------- d-----w C:\Program Files\Sierra
2007-09-05 05:43 --------- d-----w C:\Program Files\Virtual Villagers - A New Home
2007-09-02 16:11 --------- d-----w C:\Program Files\Intel
2007-09-01 15:03 --------- d-----w C:\Program Files\PCPitstop
2007-08-31 05:26 --------- d-----w C:\Program Files\BFG
2007-08-26 02:32 --------- d-----w C:\Program Files\THQ
2007-08-22 17:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-17 20:13 1,228,884 --sha-w C:\WINDOWS\system32\wurbjptr.ini2
2007-08-17 18:52 1,598,228 --sha-w C:\WINDOWS\system32\fhkmp.bak1
2007-08-05 16:58 56,976 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2007-08-05 16:58 122,512 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2007-08-05 16:39 81,920 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-08-05 16:39 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27211F8D-B4F3-42A7-9F69-B901A757EA66}]
2005-06-30 15:24 108117 --a------ C:\WINDOWS\system32\CTSFINS.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60BB94A9-B660-4A4C-AAAF-D32D29DF7745}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6633576E-97E3-45AB-85FB-37A4DF170488}]
2005-06-30 15:24 108117 --a------ C:\WINDOWS\system32\CTSFINS.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e070d6d9-fe67-4238-9438-6df4cf0526cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9DA0DBC-0518-4004-9CDC-26DBF78D2507}]
2005-06-30 15:24 108117 --a------ C:\WINDOWS\system32\CTSFINS.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 06:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-19 18:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fwcdev]
fwcdev.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 3\LMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
"C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\ddbyyv.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\WINDOWS\system32\Drivers\BUSB2902.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - D:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\Launcher.EXE
.
Contents of the 'Scheduled Tasks' folder
"2007-10-24 04:59:59 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 14:00:00 C:\WINDOWS\Tasks\At10.job"
"2007-10-24 15:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 16:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 17:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 18:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 19:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 20:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 21:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 22:00:00 C:\WINDOWS\Tasks\At18.job"
"2007-10-24 22:59:59 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 06:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 00:00:00 C:\WINDOWS\Tasks\At20.job"
"2007-10-24 00:59:59 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 02:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 03:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 03:59:59 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 08:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 09:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 10:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 11:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 12:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-24 13:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\dwevLgYj.exe
"2007-10-23 01:25:52 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-19 00:47:02 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-24 23:56:02 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-23 13:00:46 C:\WINDOWS\Tasks\XoftSpySE.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 18:56:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vkquwexg]
"imagepath"="system32\drivers\ComboFix.sys"
.
Completion time: 2007-10-24 18:57:40 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:27 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F31B2B7-D622-41C2-98A9-D159B45EFEE2} - C:\WINDOWS\system32\CTSFINS.dll
O2 - BHO: (no name) - {27211F8D-B4F3-42A7-9F69-B901A757EA66} - C:\WINDOWS\system32\CTSFINS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60BB94A9-B660-4A4C-AAAF-D32D29DF7745} - (no file)
O2 - BHO: (no name) - {6633576E-97E3-45AB-85FB-37A4DF170488} - C:\WINDOWS\system32\CTSFINS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {e070d6d9-fe67-4238-9438-6df4cf0526cc} - (no file)
O2 - BHO: (no name) - {E9DA0DBC-0518-4004-9CDC-26DBF78D2507} - C:\WINDOWS\system32\CTSFINS.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O20 - Winlogon Notify: fwcdev - fwcdev.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6045 bytes
Hi
Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\wurbjptr.ini2
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\CTSFINS.dll
C:\WINDOWS\system32\dwevLgYj.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27211F8D-B4F3-42A7-9F69-B901A757EA66}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60BB94A9-B660-4A4C-AAAF-D32D29DF7745}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6633576E-97E3-45AB-85FB-37A4DF170488}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e070d6d9-fe67-4238-9438-6df4cf0526cc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9DA0DBC-0518-4004-9CDC-26DBF78D2507}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fwcdev]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
Save this as "CFScript".
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
ComboFix 07-10-23.1 - Administrator 2007-10-25 18:04:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.677 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\CTSFINS.dll
C:\WINDOWS\system32\dwevLgYj.exe
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\wurbjptr.ini2
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\wurbjptr.ini2
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\CTSFINS.dll . . . . failed to delete
.
---- Previous Run -------
.
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\wurbjptr.ini2
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.
2007-10-24 21:58 18,688 C:\WINDOWS\system32\drivers\zpadgmka.dat
2007-10-24 21:58 5,120 C:\WINDOWS\system32\drivers\dkxjdmqu.dat
2007-10-24 18:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 23:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 20:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-22 19:46 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-19 18:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-19 18:03 <DIR> d-------- C:\Program Files\Real
2007-10-19 18:03 <DIR> d-------- C:\Program Files\Common Files\Real
2007-10-18 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-10-15 19:03 <DIR> d-------- C:\WINDOWS\usb-audio.deBehringer2902
2007-10-15 19:03 110,272 -ra------ C:\WINDOWS\system32\drivers\BUSB2902.sys
2007-10-15 18:59 <DIR> d-------- C:\Program Files\Native Instruments
2007-10-15 18:59 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-15 18:59 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-15 18:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-15 18:59 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-15 18:59 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-10-15 18:59 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-14 21:43 <DIR> d-------- C:\Program Files\Snes9x
2007-10-14 21:43 216,064 --a------ C:\WINDOWS\iun3405.exe
2007-10-07 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Legends of pirates
2007-10-06 10:14 <DIR> d-------- C:\Program Files\Easy Music Composer Free
2007-10-02 22:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2007-09-29 17:52 108,117 --a------ C:\WINDOWS\system32\CTSFINS.dll
2007-09-26 01:21 <DIR> d-------- C:\Program Files\Nanny Mania
2007-09-26 01:17 <DIR> d-------- C:\Program Files\Cake Mania
2007-09-26 01:06 <DIR> d-------- C:\Program Files\Big City Adventure - San Francisco
2007-09-26 00:55 <DIR> d-------- C:\Program Files\Cake Mania 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 13:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-10-23 00:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-18 03:07 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-09-27 00:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PlayFirst
2007-09-24 20:16 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-23 03:12 --------- d-----w C:\Program Files\Starcraft
2007-09-23 01:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-23 01:31 --------- d-----w C:\Program Files\Chocolatier
2007-09-22 22:46 --------- d-----w C:\Program Files\ReflexiveArcade
2007-09-22 15:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Jane s Hotel
2007-09-21 18:11 --------- d-----w C:\Program Files\LimeWire
2007-09-20 21:52 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-09-20 19:54 --------- d-----w C:\Program Files\VDMSound
2007-09-19 21:42 --------- d-----w C:\Program Files\QuickTime
2007-09-17 12:00 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2007-09-13 12:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sibelius Software
2007-09-13 12:20 --------- d-----w C:\Program Files\Sibelius Software
2007-09-11 05:32 --------- d-----w C:\Program Files\bfgclient
2007-09-10 02:30 --------- d-----w C:\Program Files\Virtual Villagers - The Lost Children
2007-09-07 21:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sandlot Games
2007-09-06 05:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-06 05:59 --------- d-----w C:\Program Files\Sierra
2007-09-05 05:43 --------- d-----w C:\Program Files\Virtual Villagers - A New Home
2007-09-02 16:11 --------- d-----w C:\Program Files\Intel
2007-09-01 15:03 --------- d-----w C:\Program Files\PCPitstop
2007-08-31 05:26 --------- d-----w C:\Program Files\BFG
2007-08-26 02:32 --------- d-----w C:\Program Files\THQ
2007-08-22 17:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-05 16:58 56,976 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2007-08-05 16:58 122,512 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2007-08-05 16:39 81,920 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-08-05 16:39 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2007-10-24_18.56.56.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 23:07:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F31B2B7-D622-41C2-98A9-D159B45EFEE2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 06:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-19 18:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 3\LMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
"C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\WINDOWS\system32\Drivers\BUSB2902.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - D:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\Launcher.EXE
.
Contents of the 'Scheduled Tasks' folder
"2007-10-23 01:25:52 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-19 00:47:02 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-25 23:07:03 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-23 13:00:46 C:\WINDOWS\Tasks\XoftSpySE.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 18:07:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-25 18:08:39 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-24 18:57
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:57 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F31B2B7-D622-41C2-98A9-D159B45EFEE2} - C:\WINDOWS\system32\CTSFINS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5354 bytes
Hi
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Please click this link: Jotti (http://virusscan.jotti.org/)
When the Jotti page has finished loading, click the Browse button, navigate to the following file, and click Submit:
C:\WINDOWS\system32\CTSFINS.dll
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.