View Full Version : Family Computer Badly Infected.
forlittleppl
2008-01-29, 21:49
Hey guys,
I need help with this computer, it runs very slow and frequently crashes certain computer games. I know that for a while we had nothing but an expired pc-cillin doing virus protection(we now have AVG Free). Spybot itself doesn't even work. It halts partway through the scan saying that it was aborted by user. Any help would be appreciated. I have done the Kaspersky Scan And HiJack This. I can put the kaspersky log in a different post if you want, it's quite large.
HIJACK THIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:06 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146279896500
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.pottersschool.org/login2006/atrium2006/XUpload.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11756 bytes
pskelley
2008-01-31, 15:13
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
I am not know if I can help or not, sounds like all of your problems are not malware and that you may have hardware issues. Let's do what I can see, hold that Kaspersky scan in case I ask for it.
You have a trojan: http://www.bleepingcomputer.com/startups/Insider.exe-20590.html let's proceed like this:
1) What version of Spybot are you running?
2) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly. Uninstall one, update the one you keep and run a complete system scan, post for me any item that can't be removed, the complete name and pathway.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
Internet Security 2006 is still all over your computer, uninstall it in Add Remove Programs. If it had a firewall you were using, make sure you turn on the Windows Firewall in the Security Center until you can decide about a firewall. I am assuming you want AVG by Grisoft to be your antivirus program.
3) C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
4) I am assuming your HomePage is either Comcast or MSN and will remove the HP redirects, if you use them, don't remove them.
5) Start > Control Panel > Add Remove programs and uninstall C:\Program Files\Insider\ if there
6) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
Close all programs but HJT and all browser windows, then click on "Fix Checked"
7) RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\Program Files\Insider\ <<< delete that folder and contents
8) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart...once all above is done, post a new HJT log and some feedback about performance. If you receive error messages, post those "word for word". Post any information I reqested.
Thanks
forlittleppl
2008-01-31, 21:44
Thanks for the Help. Here's what I did for each step.
1. I have Spybot 1.4
2. I just uninstalled trendmicro
3. I removed Viewpoint
4. I wasn't sure if i was supposed to do anything here
5. Removed Insider
6. Did that
7. I couldnt find the Inseder file to delete
8. Ran it
I didn't get any error messages.
Here's the HiJack Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:38 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146279896500
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.pottersschool.org/login2006/atrium2006/XUpload.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 9767 bytes
Thanks a bunch, the computer works alot better now.
pskelley
2008-01-31, 22:13
Thanks for the feedback, your HJT log is looking much better, but I still see this:
1) Spybot S&D version 1.5 has been released for a while now, I suggest you update to it, that should take care of those problems.
http://www.safer-networking.org/en/spybotsd15/index.html
3) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
You say removed it, but it is still in the HJT log. You need to uninstall it in Add Remove programs. Once you know it is uninstall, then navigate to:
C:\Program Files\Viewpoint\ <<< delete the folder
4) I just left the decision to you, you might have wanted the HP redirects for your browser. You did miss one of them:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
I suggest we run a new Kaspersky scan to make sure nothing is hiding, use these settings:
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.
Then post it here. If it needs more than a post, you may attach it as a .txt file.
You can start looking at this information which may help your computer run better:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
forlittleppl
2008-02-02, 17:06
Thanks for the help, here is the log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 9:59:18 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 507183
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 211453
Number of viruses found: 7
Number of infected objects: 12
Number of suspicious objects: 2
Duration of the scan process: 05:24:12
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3027ced89c53d447773beb9a1f4e5a54_b90ad65a-f23a-42e6-aaff-8241afb55847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\310a982bbff74092f0b3a8f9607b95bf_b90ad65a-f23a-42e6-aaff-8241afb55847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_2bc185e3-cfc4-4ad7-93cd-e3e287ba4206 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_b90ad65a-f23a-42e6-aaff-8241afb55847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98e4f3c0e9b5b620617e1c614818827f_b90ad65a-f23a-42e6-aaff-8241afb55847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1730b2c53d2957bd28aee68975e78f4_b90ad65a-f23a-42e6-aaff-8241afb55847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af377f732984f9d6b4153a6b0a9faf03_2bc185e3-cfc4-4ad7-93cd-e3e287ba4206 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d20448f3e45e153a0d20cd036ffabfe3_b90ad65a-f23a-42e6-aaff-8241afb55847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da1d37885f80a3796a549f0a2ac9e3be_2bc185e3-cfc4-4ad7-93cd-e3e287ba4206 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eaeb55b53b22a814d39cf12152519ce5_2bc185e3-cfc4-4ad7-93cd-e3e287ba4206 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_5a8.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-439481cb/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-439481cb ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008013120080201\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008020120080202\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008020220080203\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFD328.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFD333.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_549.trc Object is locked skipped
C:\Program Files\STC\bundles.exe Infected: Trojan.Win32.SecondThought.ba skipped
C:\sextxsp.chm/1.htm Infected: Exploit.HTML.CodeBaseExec skipped
C:\sextxsp.chm/on-line.exe Infected: Trojan.Win32.Small.bb skipped
C:\sextxsp.chm CHM: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP638\change.log Object is locked skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe NSIS: infected - 2 skipped
C:\WINDOWS\cpruninst.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar skipped
C:\WINDOWS\cpruninst.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.Adroar skipped
C:\WINDOWS\cpruninst.exe WiseSFX: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
forlittleppl
2008-02-02, 17:08
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\fc577710bb2f2f721704cbd6fee993a7_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39dfca672d54377fa66cd16bf15f77d0_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\448a7531b8df790a548c196e874faf70_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80cd91380bbda01e243e5663beac58e7_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\870602282513d71f20e478cae031e041_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97fb1f74433bcf2df4851714428fc993_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9dae3a87b005de6271b24fe13fb8b8d1_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac2275bba8906229f6b1af524bf68f9f_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b125deb04d61aa5141fde932f2568527_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d415517555147ca0a2500ae6fc404b2b_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db3072ed23f774a95b21408eb429d83e_ae499ef6-0b80-4775-9ce9-24ff09ccdba8 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip ZIP: suspicious - 1 skipped
F:\Documents and Settings\Mike\My Documents\Old Documents\A Dollar to Spend .doc Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000216.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000217.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000218.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000219.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000220.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000221.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000222.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000223.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000224.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000225.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000226.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000227.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000228.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000229.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000230.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000231.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000232.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000233.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000234.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000235.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000236.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000237.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP10\A0000238.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000245.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000246.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000247.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000248.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000249.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000250.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000251.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000252.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000253.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000254.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000255.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000256.sys Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000257.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000258.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000259.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000260.sys Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000261.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000262.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000263.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000264.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP11\A0000265.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000273.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000274.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000275.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000276.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000277.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000278.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000279.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000280.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP12\A0000281.cnv Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000348.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000349.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000350.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000351.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000352.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000353.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000354.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000355.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000356.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000357.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000358.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000359.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000360.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000361.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000362.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000363.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000364.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000365.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000366.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000367.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000368.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000369.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000370.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000371.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000372.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000373.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000374.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000375.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000376.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000377.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000378.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000379.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000380.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000381.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000382.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000383.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000384.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000385.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000386.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000387.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000388.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000389.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000390.exe Object is locked skipped
forlittleppl
2008-02-02, 17:09
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000391.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000392.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000393.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000394.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000395.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000396.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000397.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000398.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000399.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000400.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000401.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000402.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000403.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000404.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000405.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP13\A0000406.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000563.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000564.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000565.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000566.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000567.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000568.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000569.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000570.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000571.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000572.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000573.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000574.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000575.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000576.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000577.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000578.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000579.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000580.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000581.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP14\A0000582.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000610.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000611.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000612.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000613.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000614.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000615.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000616.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000617.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000618.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000619.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000620.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000621.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000622.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000623.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000624.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000625.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000626.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000627.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000628.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000629.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP15\A0000630.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000660.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000661.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000662.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000663.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000664.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000665.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000666.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000667.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000668.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000669.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000670.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000671.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000672.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000673.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000674.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000675.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000676.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000677.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000678.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000679.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000680.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000681.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000682.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000683.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000684.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000685.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000686.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000687.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000688.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000689.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000690.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000691.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000692.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000693.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000694.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000695.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000696.tsp Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000697.TSP Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000698.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000699.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000700.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000701.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000702.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000703.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000704.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000705.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000706.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000707.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000708.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000709.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000710.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000711.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP16\A0000712.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000092.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000093.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000094.sys Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000095.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000096.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000097.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000098.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000099.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000100.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000101.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000102.dll Object is locked skipped
forlittleppl
2008-02-02, 17:10
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000103.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000104.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000105.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000106.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000107.sys Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000108.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000109.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000110.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000111.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP6\A0000112.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000124.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000125.ocx Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000126.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000127.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000128.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000129.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000130.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000131.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000132.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000133.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000134.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000135.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000136.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000137.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000138.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000139.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000140.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000141.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000142.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000143.ocx Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000144.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000145.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000146.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000147.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000148.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000149.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000150.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000151.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP7\A0000152.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000159.sys Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000160.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000161.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000162.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000163.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000164.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000165.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000166.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000167.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000168.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000169.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000170.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000171.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000172.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000173.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000174.sys Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000175.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000176.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000177.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000178.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP8\A0000179.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000189.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000190.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000191.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000192.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000193.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000194.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000195.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000196.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000197.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000198.ver Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000199.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000200.cat Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000201.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000202.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000203.inf Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000204.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000205.dll Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000206.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000207.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000208.exe Object is locked skipped
F:\System Volume Information\_restore{B831D5CA-04E3-4D65-85B2-0BD70724DDB7}\RP9\A0000209.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\kb828741.cat Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\kb835732.cat Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
F:\WINDOWS\$NtUninstallQ329115$\reg00002 Object is locked skipped
Scan process completed.
pskelley
2008-02-02, 17:29
Thanks for returning the Kaspersky scan, a little more cleaning to do:
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of that "Recovery Folder"
http://ict.cas.psu.edu/training/howto/util/removespybot.htm#1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\ <<< delete the contents
http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml
C:\Program Files\STC\bundles.exe <<< look at that folder it may need to be deleted, but the file needs to go.
C:\sextxsp.chm <<< delete that file
C:\WINDOWS\b104.exe <<< delete that file
C:\WINDOWS\cpruninst.exe <<< delete that file
Empty the Recycle Bin on your Desktop, restart and run a new Kaspersky scan. I do not need to see a clean scan. Let me know how things are running at that point.
Thanks...Phil
pskelley
2008-02-07, 11:53
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.