
Worm/delf.ajq?


13 replies to this topic

#1 r1ckst4

r1ckst4

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 19 August 2007 - 01:11 AM

Hi there... i'm having a problem here... i've made a thread about this here... there should be some good explanations on that thread.

It just keeps turning up and lately my comp freezes a lot. I'm suspecting that this so called worm/delf.ajq is causing it but I have no idea what it is coz google didn't come up with anything. I've done virus scan, spyware scans and yeah it comes up with a few things but they didn't stop this "virus"

here's my hijackthis log... please help :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:35 p.m., on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpmi03.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ricky Yosua\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5179 bytes

thanks in advance!


 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 19 August 2007 - 04:50 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum r1ckst4 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 r1ckst4

r1ckst4
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 19 August 2007 - 05:06 AM

gday richie thanx for willing to help! :thumbsup: well here's the log u asked for..

ComboFix 07-08-17.2 - "Rickyy" 2007-08-19 21:56:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.520 [GMT 12:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 21:55 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 21:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NFS Underground
2007-08-09 21:12 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-08-09 20:57 <DIR> d-------- C:\Program Files\EA GAMES
2007-08-07 11:06 <DIR> d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\Ahead
2007-08-07 11:00 <DIR> d-------- C:\Program Files\Nero
2007-08-07 11:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-05 13:07 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-03 23:31 <DIR> d-------- C:\DOCUME~1\RICKYY~1\DoctorWeb
2007-08-02 23:05 <DIR> d-------- C:\DOCUME~1\RICKYY~1\Shared
2007-08-02 23:05 <DIR> d-------- C:\DOCUME~1\RICKYY~1\Incomplete
2007-08-02 23:04 <DIR> d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\LimeWire
2007-08-02 23:03 <DIR> d-------- C:\Program Files\LimeWire
2007-08-02 22:53 <DIR> d-------- C:\Program Files\InterMute
2007-08-02 22:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-02 22:47 <DIR> d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\Lavasoft
2007-08-02 22:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-08-02 22:46 <DIR> d-------- C:\Program Files\XVideoConverter
2007-08-01 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-20 10:44 <DIR> d-------- C:\Program Files\YSFLIGHT.COM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-16 03:26 --------- d-------- C:\Program Files\GetRight
2007-08-14 00:03 --------- d-------- C:\Program Files\Diablo II
2007-08-11 02:42 --------- d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\Azureus
2007-08-02 22:46 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-11 17:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-11 17:26 --------- d-------- C:\Program Files\KYE
2007-07-11 04:28 --------- d-------- C:\Program Files\MSXML 4.0
2007-07-10 23:30 --------- d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\AdobeUM
2007-07-08 21:07 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-08 21:07 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-08 21:07 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-08 02:21 --------- d-------- C:\Program Files\QuickTime
2007-07-08 02:08 --------- d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\Media Player Classic
2007-07-08 00:04 --------- d-------- C:\Program Files\SlySoft
2007-07-07 17:18 --------- d-------- C:\Program Files\Microsoft Games
2007-07-07 16:47 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-07 01:26 --------- d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\Google
2007-07-07 01:08 --------- d-------- C:\Program Files\illiminable
2007-07-07 00:59 --------- d-------- C:\Program Files\Xvid
2007-07-07 00:54 --------- d-------- C:\Program Files\Real Alternative
2007-07-07 00:54 --------- d-------- C:\Program Files\Media Player Classic
2007-07-07 00:54 --------- d-------- C:\DOCUME~1\RICKYY~1\APPLIC~1\Real
2007-07-07 00:30 --------- d-------- C:\Program Files\Google
2007-07-06 23:22 --------- d-------- C:\Program Files\MSN Messenger
2007-07-06 15:46 --------- d-------- C:\Program Files\Azureus
2007-07-06 15:42 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-06 13:08 --------- d-------- C:\Program Files\Messenger
2007-07-06 12:20 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-06 04:58 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-06 04:58 --------- d-------- C:\Program Files\Common Files\ODBC
2007-07-06 02:17 --------- d-------- C:\Program Files\Microsoft.NET
2007-07-06 02:17 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-06 02:11 --------- d-------- C:\Program Files\DAEMON Tools
2007-07-06 00:31 --------- d-------- C:\Program Files\Sygate
2007-07-06 00:31 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-05 23:55 3316 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-07-05 23:52 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-05 23:50 --------- d-------- C:\Program Files\Movie Maker
2007-07-05 23:46 --------- d-------- C:\Program Files\Windows NT
2007-07-05 22:35 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-05 22:35 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-05 22:34 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-05 22:08 0 -rahs---- C:\MSDOS.SYS
2007-07-05 22:08 0 -rahs---- C:\IO.SYS
2007-07-05 22:08 0 --a------ C:\CONFIG.SYS
2007-07-05 22:08 0 --a------ C:\AUTOEXEC.BAT
2007-07-05 22:08 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-05 22:06 --------- d-------- C:\Program Files\Online Services
2007-07-05 22:05 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-05 22:04 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-05 22:04 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-06-26 18:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 01:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 22:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-17 09:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-05 23:40]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"SNPMI03"="C:\WINDOWS\vsnpmi03.exe" [2003-08-08 14:58]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-05 19:20:25]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-07-05 22:45:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

R3 snpmi03;VideoCAM NB 300;C:\WINDOWS\system32\DRIVERS\snpmi03.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 22:00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 22:02:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-19 22:01

--- E O F ---

#4 r1ckst4

r1ckst4
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 19 August 2007 - 05:07 AM

... and the new hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:08 p.m., on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpmi03.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ricky Yosua\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5185 bytes

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 19 August 2007 - 05:16 AM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\vsnpmi03.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\WINDOWS\vsnpmi03.exe
Then click on 'Send File'.
Post the results into your next reply.

Also post a new Hijackthis log.

#6 r1ckst4

r1ckst4
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 19 August 2007 - 07:06 AM

there was only one java in my control panel and that was called and update 1 or something... 130MB if i'm not mistaken, which is significantly bigger than the 13MB update 2 that u've given me.. y is that?

anyways, i've installed the new java and here's the result from virusscan.jotti

Service load:
0% 100%
File: vsnpmi03.exe
Status:
OK
MD5: b7a0ba3ce94a29801cc507b97db391fa
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 19 Aug 2007 11:59:26 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

and new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:28 a.m., on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpmi03.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ricky Yosua\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5326 bytes


thanx richie
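Comparing successive HijackThis logs, as requested after each step in this thread, can be scripted. The following is an added example (not part of any post here and not a HijackThis feature) that diffs two logs and flags new autostart entries; the function names are hypothetical and the two sample logs are shortened excerpts of the logs posted above.

```python
import re

# HijackThis v2 prefixes every finding with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Sections that describe ways a program gets started automatically:
# F0-F3 ini-file autoloads, O4 Run keys/Startup folder, O20 AppInit/Winlogon, O23 services.
AUTOSTART_SECTIONS = {"F0", "F1", "F2", "F3", "O4", "O20", "O23"}


def parse_entries(log_text):
    """Return the set of (section, detail) findings; header and process lines are skipped."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def parse_processes(log_text):
    """Return {lowercased path: path as logged} for the 'Running processes:' block."""
    procs = {}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_block = True
            continue
        if not in_block or not line:
            continue
        if ENTRY_RE.match(line) or line == "--":
            break  # first finding (or the footer) ends the process list
        # Windows paths are case-insensitive (System32 vs system32), so key on lowercase.
        procs.setdefault(line.lower(), line)
    return procs


def diff_logs(before_text, after_text):
    """Compare two logs: findings added/removed and processes that are newly running."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    procs_before = parse_processes(before_text)
    procs_after = parse_processes(after_text)
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "new_processes": [p for key, p in procs_after.items() if key not in procs_before],
    }


def new_autostarts(diff):
    """Added findings that create a persistence point and deserve a manual look."""
    return [entry for entry in diff["added"] if entry[0] in AUTOSTART_SECTIONS]


# Shortened excerpts of the logs from posts #4 and #6 of this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:08 p.m., on 19/08/2007

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpmi03.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:28 a.m., on 20/08/2007

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpmi03.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("added", "removed"):
        for section, detail in result[label]:
            print(f"{label:8} {section:4} {detail}")
    for path in result["new_processes"]:
        print(f"process  new  {path}")
    for section, detail in new_autostarts(result):
        print(f"review   {section:4} {detail}")
```

On these excerpts the only changes are the ones the Java update accounts for: the `jre1.6.0_02` paths, the `SunJavaUpdateSched` Run entry and the installer process.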

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 19 August 2007 - 07:16 AM

I don't see anything malicious at all, you're probably looking at a false positive with the AVG detection.
Let's run the following just to make sure:

Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

#8 r1ckst4

r1ckst4
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 20 August 2007 - 01:01 AM

hi there Richie... :thumbsup: i don't know what's wrong here mate but here's what happened straight after the scan finished... this is just a quick printscreen there were 5 or more of these that came up...

oh and i notice that the report say that "Object is locked skipped" i don't know why that is...
Posted Image

and this is the test result:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, August 20, 2007 5:52:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/08/2007
Kaspersky Anti-Virus database records: 361453
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 51080
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:10:44

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP47\A0030258.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP47\A0030259.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP47\A0030260.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP47\A0030261.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032293.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032301.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032302.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032303.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032304.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032305.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032306.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0032307.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033309.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033310.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033311.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033312.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033313.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033314.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033315.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033316.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP49\A0033317.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP52\A0037647.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP52\A0037648.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP52\A0037649.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP52\A0037650.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP52\A0037651.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP52\A0037652.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP52\A0037653.Exe Object is locked skipped
C:\System Volume Information\_restore{3299FBBC-F771-42A6-ACB9-7FA10E68DC60}\RP57\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by r1ckst4, 20 August 2007 - 01:05 AM.


#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 August 2007 - 04:01 AM

hi there Richie... i don't know what's wrong here mate but here's what happened straight after the scan finished... this is just a quick printscreen there were 5 or more of these that came up...

The above results are perfectly normal for Kaspersky Web Scanner.

Restart your pc, post a new HijackThis log.
Let me know how your pc is running now.

#10 r1ckst4

r1ckst4
  • Topic Starter

  • Members
  • 30 posts

Posted 20 August 2007 - 05:56 AM

hey richie... i've restarted my comp and here's the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:12 p.m., on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnpmi03.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ricky Yosua\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5449 bytes


i can't tell how it's running now coz these things just happen out of the blue... and my comp also freezes quite often... yeah i don't know why aye.. i'll let u know if i come across the threats warning again, which i think will be turning up again... Is it possible that it's the AVG that stuffs up?

I sometimes go and check the directory and find these so-called viruses by AVG... and yeah they do have an extra ".exe" on them and they have a little window icon on them.. but yeah i don't dare to click on them... very confusing huh?
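
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it parses the section-coded lines, splits the O4 registry autostart entries into hive, name and executable, and marks two things worth a manual look. The list of decoy extensions and the `ConstructedExample` entry are assumptions made for the illustration; a flag is a prompt to check the file, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log in the post above, plus one
# made-up O4 entry (ConstructedExample) to exercise the double-extension check.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [ConstructedExample] C:\Downloads\holiday.jpg.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Executable at the start of a command: quoted, or unquoted up to its extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.I)
# Assumed list of harmless-looking extensions placed before the real one.
DOUBLE_EXT_RE = re.compile(r"\.(?:jpg|gif|avi|mp3|doc|pdf|txt|zip)\.(?:exe|com|scr|pif|bat|cmd)$", re.I)


def parse_entries(log_text):
    """Return (section_code, body) for every 'XN - ...' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autostarts(entries):
    """Parse O4 registry Run entries into dicts with hive, name, exe and review flags."""
    result = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue  # e.g. 'Global Startup' shortcuts use a different layout
        exe_m = EXE_RE.match(m["cmd"])
        exe = (exe_m.group(1) or exe_m.group(2)) if exe_m else m["cmd"]
        flags = []
        if "\\" not in exe:
            flags.append("no-directory")  # resolved via the search path, so verify which file runs
        if DOUBLE_EXT_RE.search(exe):
            flags.append("double-extension")
        result.append({"hive": m["hive"], "name": m["name"], "exe": exe, "flags": flags})
    return result


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(Counter(code for code, _ in parsed))
    for item in autostarts(parsed):
        print(item["hive"], item["name"], item["exe"], item["flags"] or "-")
```
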

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 August 2007 - 06:05 AM

Find and delete:
C:\Downloads\Ricky's bleep\QuickTime.Pro.6.5
Let me know what's happening now.

#12 r1ckst4

r1ckst4
  • Topic Starter

  • Members
  • 30 posts

Posted 25 August 2007 - 07:29 PM

hi again richie.. yeah i've done that... now there's only one remaining delf.ajq instead of about 5 before... it still turns up every now and then. My computer now freezes so often... and it's really frustrating.. maybe it doesn't have anything to do with malware after all?

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 August 2007 - 06:43 AM

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Restart your pc.

Turn 'System Restore' back on:

Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.


Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Run 'ESET Online Scanner' using Internet Explorer:
http://www.eset.com/onlinescan/
Place a check in the box 'YES, I accept the Terms of Use' after reading.
Then click 'Start'.
Allow the ActiveX control to install.
Then click 'Start' on the 'ESET Online Scanner' window.
Place a check in the box 'Remove found threats'.
Leave the box 'Scan unwanted applications' blank.
Then press 'Scan'.
The scan will take up some time so please be patient.

Restart your pc.
Let me know how your pc is running now.

#14 r1ckst4

r1ckst4
  • Topic Starter

  • Members
  • 30 posts

Posted 19 September 2007 - 06:57 AM

hi richie.. it's been a while since i last posted in this thread... i just want to say thank you for your help. My computer has been performing well :thumbsup: so thanks! there's no more of those virus threats and it rarely freezes so yeah awesome!

once again thanks. i thought it was rude for me to just never reply anymore. You guys are doing a good job here keep it up!

cheers!



