Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W32.trats


  • Please log in to reply
22 replies to this topic

#1 RockOn81Impala

RockOn81Impala

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 16 February 2008 - 10:12 PM

Hello, today without warning Norton picked up a W32.Trats infection, which it said it removed but it seems not to. I did a full system scan and it found two Trojans, which it removed, and I've also followed the other steps that lead to posting a new topic. I've been here once before with a bad W32.Trats!inf infection and you guys were amazing! I'm hoping that since this just happened today that it is not as infected as last time.

I'm getting popups and it is also difficult to type because it seems that every few letters I have to go back and correct spelling, as my system is quite bogged down.

I have no idea where these infections are coming from - I practice safe internet policies and do regular virus/spyware scans. I'm also losing a lot of faith in Norton because it's not doing a very good job at stopping infections!

Thank you for any help you can give!!! :thumbsup:
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:26 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: {7a6f3d7f-177c-beb9-dab4-8b1f2de55ba2} - {2ab55ed2-f1b8-4bad-9beb-c771f7d3f6a7} - C:\WINDOWS\system32\nptlciyg.dll
O2 - BHO: (no name) - {607B7811-F4BD-4CEB-8886-A58F923CDEF5} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BM0fd5581c] Rundll32.exe "C:\WINDOWS\system32\khcahtcc.dll",s
O4 - HKLM\..\Run: [0ce66b80] rundll32.exe "C:\WINDOWS\system32\kvexnskc.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7124] command /c del "C:\WINDOWS\system32\pmkhh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4082] cmd /c del "C:\WINDOWS\system32\pmkhh.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2193] command /c del "C:\WINDOWS\system32\pmkhh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8664] cmd /c del "C:\WINDOWS\system32\pmkhh.dll_old"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploaderXP.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.27.100.83/activex/AxisCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: xxyabaw - C:\WINDOWS\SYSTEM32\xxyabaw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10164 bytes

BC AdBot (Login to Remove)

 


#2 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 22 February 2008 - 08:18 AM

Hi, Wellcome to Bleeping Computer Forums!

You might want to save this page on your favorites, so you can find it again when you return.


Please take note of the following:
  • I will be handling your log and helping you, please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 RockOn81Impala

RockOn81Impala
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 23 February 2008 - 01:33 PM

Thank you for your help!

Things have gotten a lot worse since I started the thread. Internet Explorer is freezing often as a result of the popups and occasionally Windows Explorer will give me a buffer overun error and shut itself down. Norton is now picking up Vundos along with the W32.Trats, among other attacks and like usual, claims it fixes/blocks it but of course it does not.

Thank you again - I know how busy you guys are so I'm beng very patient. :thumbsup:

#4 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 24 February 2008 - 09:40 AM

Hi,

Download ComboFix from Here or Here to your Desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

Regards
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#5 RockOn81Impala

RockOn81Impala
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 24 February 2008 - 12:39 PM

ComboFix Log:

ComboFix 08-02-24.4 - Danni 2008-02-24 12:01:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -5:00]
Running from: C:\Documents and Settings\Danni\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\ctkdfirt.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\dqnuohuk.dll
C:\WINDOWS\system32\fkqsvebk.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\ikjdsfbx.dll
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\khcahtcc.dll
C:\WINDOWS\system32\kuhounqd.ini
C:\WINDOWS\system32\linsgsyr.dll
C:\WINDOWS\system32\nptlciyg.dll
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\oikfaqik.dll
C:\WINDOWS\system32\oitnfabi.dll
C:\WINDOWS\system32\pfcickqo.dll
C:\WINDOWS\system32\phpqoltd.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.exe
C:\WINDOWS\system32\qufiyvkb.dll
C:\WINDOWS\system32\rmuuvngg.dll
C:\WINDOWS\system32\rysgsnil.ini
C:\WINDOWS\system32\sdasxvfg.dll
C:\WINDOWS\system32\tknnkbvp.dll
C:\WINDOWS\system32\ttldclrq.dll
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\uqyppcjv.dll
C:\WINDOWS\system32\vjytaokv.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\wssafmtw.dll
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\xxyabaw.dll
C:\WINDOWS\system32\ycmbqgxb.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-23 17:37 . 2008-02-23 22:17 1,014 --ahs---- C:\WINDOWS\system32\clnebklg.ini
2008-02-23 13:07 . 2008-02-23 16:30 774 --ahs---- C:\WINDOWS\system32\fxnwtupi.ini
2008-02-22 13:49 . 2008-02-23 12:58 594 --ahs---- C:\WINDOWS\system32\cwdrtgob.ini
2008-02-22 12:58 . 2008-02-22 12:58 294 --ahs---- C:\WINDOWS\system32\xpuhpqml.ini
2008-02-21 15:04 . 2008-02-22 12:27 414 --ahs---- C:\WINDOWS\system32\baccprmw.ini
2008-02-21 14:48 . 2008-02-21 14:48 294 --ahs---- C:\WINDOWS\system32\jajsowdb.ini
2008-02-20 15:13 . 2008-02-21 13:57 594 --ahs---- C:\WINDOWS\system32\xttjnexs.ini
2008-02-19 13:24 . 2008-02-20 15:11 414 --ahs---- C:\WINDOWS\system32\eqixtyuq.ini
2008-02-17 10:50 . 2008-02-18 11:43 654 --ahs---- C:\WINDOWS\system32\vmookbrb.ini
2008-02-16 18:40 . 2008-02-22 17:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-16 18:40 . 2008-02-16 18:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-16 16:29 . 2008-02-17 10:48 414 --ahs---- C:\WINDOWS\system32\cksnxevk.ini
2008-02-16 16:28 . 2008-02-22 15:41 157,360 --a------ C:\WINDOWS\BM0fd5581c.xml
2008-02-16 16:28 . 2008-02-23 12:11 22 --a------ C:\WINDOWS\pskt.ini
2008-02-16 16:20 . 2008-02-16 16:20 9,292 --a------ C:\WINDOWS\system32\LC1E5.tmp
2008-02-15 17:14 . 2008-02-16 16:26 <DIR> d-------- C:\Program Files\QuickTime
2008-02-08 17:25 . 2008-02-08 17:25 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 18:30 . 2008-01-30 18:35 <DIR> d-------- C:\Program Files\Miranda IM
2008-01-30 18:30 . 2008-01-30 18:31 <DIR> d-------- C:\Documents and Settings\Danni\Application Data\Miranda

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 17:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-24 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-16 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-15 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 05:23 --------- d-----w C:\Program Files\Activision Value
2008-02-08 20:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 21:55 --------- d-----w C:\Program Files\Hunting Unlimited 2008
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-10 04:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-09 16:56 --------- d-----w C:\Documents and Settings\Danni\Application Data\ImgBurn
2008-01-09 04:08 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-01-08 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-07 19:35 --------- d-----w C:\Program Files\Trend Micro
2008-01-07 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-07 00:17 --------- d-----w C:\Program Files\AIM6
2008-01-07 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-05 04:00 --------- d-----w C:\Program Files\Java
2008-01-05 03:59 --------- d-----w C:\Program Files\Common Files\Java
2008-01-03 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-02 20:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-02 18:13 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 04:46 --------- d-----w C:\Documents and Settings\Loren\Application Data\Yahoo!
2007-12-31 03:56 --------- d--h--r C:\Documents and Settings\Danni\Application Data\yahoo!
2007-12-28 17:18 --------- d-----w C:\Program Files\SanDisk
2007-12-28 17:18 --------- d-----w C:\Documents and Settings\Danni\Application Data\InstallShield
2007-12-28 06:14 --------- d-----w C:\Documents and Settings\Danni\Application Data\HouseCall 6.6
2007-12-28 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 03:17 --------- d-----w C:\Program Files\Creative
2007-12-21 04:36 417,792 ----a-w C:\WINDOWS\iwexec.exe
2007-09-24 01:52 43,384 ----a-w C:\Documents and Settings\Danni\Application Data\GDIPFONTCACHEV1.DAT
2002-06-25 21:48 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 04:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 04:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 04:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 04:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 04:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 04:56 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{607B7811-F4BD-4CEB-8886-A58F923CDEF5}]
C:\WINDOWS\system32\pmkhh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-03 12:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-12-29 11:57 1626112 C:\WINDOWS\system32\nwiz.exe]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [ ]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-02 15:23 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-01-02 15:23 771440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-02 15:23 583048]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]

C:\Documents and Settings\Loren\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-01-29 16:33:41 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-23 06:24]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 22:10:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 01:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Danni.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 12:23:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-02-24 12:31:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 17:31:30
ComboFix2.txt 2008-01-10 00:38:59
.
2008-02-13 23:08:19 --- E O F ---




HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:40 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {607B7811-F4BD-4CEB-8886-A58F923CDEF5} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploaderXP.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.27.100.83/activex/AxisCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8933 bytes

#6 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 25 February 2008 - 05:52 PM

Hello,

:) Please follow instructions for installing the Windows XP Recovery Console, presents in: How to use ComboFix

The reason why Recovery Console is recommended is because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons.
Read more about Windows Recovery Console, on the link bellow:
http://support.microsoft.com/kb/314058


:thumbsup: The most current version of Limewire is reported to include spyware. LimeWire 4.9.28 is clean(Older and newer version may not be). Chances are junk was bundled with this product even if you paid for it.

If you use P2P software, make sure you are careful about what you open and what P2P program you install. Malware is all over the P2P networks and the programs often come bundled with Adware and Spyware.

Further readings of interest in regards to the p2p "issue" are: http://pcpitstop.com/spycheck/p2p.asp and this:
http://pcpitstop.com/spycheck/badtorrent.asp

So please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
LimeWire


:wacko: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


:blink: Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\clnebklg.ini
C:\WINDOWS\system32\fxnwtupi.ini
C:\WINDOWS\system32\cwdrtgob.ini
C:\WINDOWS\system32\xpuhpqml.ini
C:\WINDOWS\system32\baccprmw.ini
C:\WINDOWS\system32\jajsowdb.ini
C:\WINDOWS\system32\xttjnexs.ini
C:\WINDOWS\system32\eqixtyuq.ini
C:\WINDOWS\system32\vmookbrb.ini
C:\WINDOWS\system32\cksnxevk.ini
C:\WINDOWS\BM0fd5581c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\LC1E5.tmp
C:\WINDOWS\system32\pmkhh.dll

Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\LimeWire

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{607B7811-F4BD-4CEB-8886-A58F923CDEF5}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post them along with a new HijackThis log.
Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Regards
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#7 RockOn81Impala

RockOn81Impala
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 28 February 2008 - 04:25 PM

ComboFix Log
ComboFix 08-02-24.4 - Danni 2008-02-28 16:17:41.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.596 [GMT -5:00]
Running from: C:\Documents and Settings\Danni\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danni\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BM0fd5581c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\baccprmw.ini
C:\WINDOWS\system32\cksnxevk.ini
C:\WINDOWS\system32\clnebklg.ini
C:\WINDOWS\system32\cwdrtgob.ini
C:\WINDOWS\system32\eqixtyuq.ini
C:\WINDOWS\system32\fxnwtupi.ini
C:\WINDOWS\system32\jajsowdb.ini
C:\WINDOWS\system32\LC1E5.tmp
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\vmookbrb.ini
C:\WINDOWS\system32\xpuhpqml.ini
C:\WINDOWS\system32\xttjnexs.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\WINDOWS\BM0fd5581c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\baccprmw.ini
C:\WINDOWS\system32\cksnxevk.ini
C:\WINDOWS\system32\clnebklg.ini
C:\WINDOWS\system32\cwdrtgob.ini
C:\WINDOWS\system32\eqixtyuq.ini
C:\WINDOWS\system32\fxnwtupi.ini
C:\WINDOWS\system32\jajsowdb.ini
C:\WINDOWS\system32\LC1E5.tmp
C:\WINDOWS\system32\vmookbrb.ini
C:\WINDOWS\system32\xpuhpqml.ini
C:\WINDOWS\system32\xttjnexs.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-26 15:49 . 2008-02-26 15:49 <DIR> d-------- C:\Program Files\Infogrames
2008-02-16 18:40 . 2008-02-24 23:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-16 18:40 . 2008-02-16 18:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 17:14 . 2008-02-16 16:26 <DIR> d-------- C:\Program Files\QuickTime
2008-02-08 17:25 . 2008-02-08 17:25 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 18:30 . 2008-01-30 18:35 <DIR> d-------- C:\Program Files\Miranda IM
2008-01-30 18:30 . 2008-01-30 18:31 <DIR> d-------- C:\Documents and Settings\Danni\Application Data\Miranda

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 21:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-28 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-26 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 20:41 --------- d-----w C:\Documents and Settings\Danni\Application Data\GetRightToGo
2008-02-16 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-15 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 05:23 --------- d-----w C:\Program Files\Activision Value
2008-01-16 21:55 --------- d-----w C:\Program Files\Hunting Unlimited 2008
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-10 04:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-09 16:56 --------- d-----w C:\Documents and Settings\Danni\Application Data\ImgBurn
2008-01-09 04:08 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-01-07 19:35 --------- d-----w C:\Program Files\Trend Micro
2008-01-07 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-07 00:17 --------- d-----w C:\Program Files\AIM6
2008-01-07 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-05 04:00 --------- d-----w C:\Program Files\Java
2008-01-05 03:59 --------- d-----w C:\Program Files\Common Files\Java
2008-01-03 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-02 20:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-02 18:13 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 04:46 --------- d-----w C:\Documents and Settings\Loren\Application Data\Yahoo!
2007-12-31 03:56 --------- d--h--r C:\Documents and Settings\Danni\Application Data\yahoo!
2007-12-28 17:18 --------- d-----w C:\Program Files\SanDisk
2007-12-28 17:18 --------- d-----w C:\Documents and Settings\Danni\Application Data\InstallShield
2007-12-28 06:14 --------- d-----w C:\Documents and Settings\Danni\Application Data\HouseCall 6.6
2007-12-28 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 03:17 --------- d-----w C:\Program Files\Creative
2007-12-21 04:36 417,792 ----a-w C:\WINDOWS\iwexec.exe
2007-09-24 01:52 43,384 ----a-w C:\Documents and Settings\Danni\Application Data\GDIPFONTCACHEV1.DAT
2001-10-16 12:10 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 12:58 36,864 -c--a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 12:00 139,264 -c--a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 12:11 167,936 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2002-06-25 21:48 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 04:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 04:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 04:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 04:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 04:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 04:56 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-03 12:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-12-29 11:57 1626112 C:\WINDOWS\system32\nwiz.exe]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [ ]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-02 15:23 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-01-02 15:23 771440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-02 15:23 583048]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-23 06:24]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 22:10:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 01:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Danni.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 16:21:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-28 16:22:29
ComboFix-quarantined-files.txt 2008-02-28 21:22:02
ComboFix2.txt 2008-02-24 17:31:35
ComboFix3.txt 2008-01-10 00:38:59
.
2008-02-13 23:08:19 --- E O F ---



HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:28 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploaderXP.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.27.100.83/activex/AxisCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8855 bytes

#8 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 29 February 2008 - 12:01 PM

Hello,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Plattform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be prompted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along whit a new HijackThis log. Also let me know how i your computer its running.

Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#9 RockOn81Impala

RockOn81Impala
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 29 February 2008 - 07:53 PM

The computer is running well again - no more popups or lagginess when on the internet. :thumbsup: The only thing now is at startup I get an error with mljgg.exe.

Kaspersky Report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 29, 2008 7:43:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/02/2008
Kaspersky Anti-Virus database records: 590811
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 102831
Number of viruses found: 13
Number of infected objects: 72
Number of suspicious objects: 0
Duration of the scan process: 02:35:44

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2B3725.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5902F2.dll Infected: Trojan-Downloader.Win32.ConHook.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5D0EBB.tmp Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D662AE4.exe Infected: Trojan-Downloader.Win32.ConHook.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\160D6945.tmp Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D6105FD.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E173311.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51C958A6.tmp Infected: Trojan-Downloader.Win32.Small.dmj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\47D7F469.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\8107BDE4.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Danni\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Danni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Danni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Danni\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Danni\Local Settings\temp\~DF6EDB.tmp Object is locked skipped
C:\Documents and Settings\Danni\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Danni\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Danni\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Danni\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctkdfirt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geedd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ikjdsfbx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khcahtcc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\LC1E5.tmp.vir Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rmuuvngg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtutt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-24_122253.71.zip/pmkjj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-24_122253.71.zip/xxyabaw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-24_122253.71.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP38\A0001443.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP38\A0001445.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP38\A0002482.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP46\A0002978.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP47\A0003038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP48\A0003119.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP50\A0003177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP50\A0003191.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP50\A0003192.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP51\A0003234.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP51\A0003235.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP51\A0003248.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP51\A0003250.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP51\A0003251.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP52\A0003290.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP52\A0003291.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP52\A0003302.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP52\A0003303.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP53\A0003325.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP53\A0003327.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP53\A0003332.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP55\A0003376.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP55\A0003377.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP56\A0003398.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003423.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003424.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003425.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003426.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003427.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003428.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003429.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003430.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003431.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003432.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003433.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003434.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003435.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003436.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003437.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003438.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003439.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003441.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003442.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003443.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003444.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003445.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003446.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003456.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP57\A0003457.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP67\change.log Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\1394bus.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\26ajxv3t.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\61883.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\6gu5jdbf.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\6q84p7nl.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\9nr71n3j.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\access.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\accessor.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aclua.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aclui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acpi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\activeds.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\actshell.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acverfyr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adcjavas.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adcvbs.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\admin.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\admin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\admparse.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adojavas.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adovbs.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsldp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\advapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\advpack.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aec.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\afd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentanm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentdpv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentsr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agp440.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agtctl15.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agtintl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agtscrpt.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ahui.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\alg.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\amstream.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apphelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apphelp.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apph_sp.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apps.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apps_sp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\appwiz.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\arial.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\arialbd.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asctrls.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asferror.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asfsipc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\at.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2dvaa.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2dvag.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2mtaa.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2mtag.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati3d1ag.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati3d2ag.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atiixpaa.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atiixpag.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinbtxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinmdxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinpdxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinraxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinrvxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinsnxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinttxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atintuxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinxbxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinxsxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atiradn1.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ativdaxx.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ativmvxx.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atixpwdm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atm.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmfd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmlane.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\au.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\author.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\author.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\authz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autochk.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autoconv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autofmt.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autolfn.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\avc.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\avifil32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\basesrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\batmeter.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\batt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bda.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bidispl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\biosinfo.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\blackbox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bridge.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browselc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browser.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browseui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browsewm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cabinet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cabview.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\camocx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdfview.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdosys.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\certcli.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\certmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cewmdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\chajei.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cimwin32.mfl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cimwin32.mof Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cintime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cintsetp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ciodm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cliconfg.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clusapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmprops.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cnbjmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comexp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comic.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\compact.wmz Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\compatui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\compstui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\conf.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\conime.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_data.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_multiple.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_networks.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_wizard.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\corpol.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cpanel.chq Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cplexe.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cpu.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\credui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cscript.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cscui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\csrss.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\danim.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dataclen.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dataspec.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\datetime.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\davclnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\daxctle.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dayi.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dcache.bin Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dcap32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dciman32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\default.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\defltwk.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\defrag.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\desk.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\devenum.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\devmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\devxprop.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dgnet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dhtmled.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dialer.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\diantz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\digest.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dinput.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dinput8.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\directdb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\disk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmband.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmdskmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmloader.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmscript.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmserver.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmsynth.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmusic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\docprop2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dosx.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpcdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dplayx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpmodemx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnaddr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnlobby.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpup.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvacm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvvox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmclien.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmstor.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmv2clt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drvindex.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drvmain.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ds32gt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsdmo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsdmoprp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dshowext.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dskquota.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dskquoui.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsound.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsound3d.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsprop.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsprpres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsquery.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dssec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dssenh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsuiext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dswave.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dtsgnup.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\duser.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dwup.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dx7vb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dx8vb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxdiag.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxg.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxmasf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxmrtp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\els.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\encapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\encdec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\error.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ersvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\es.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\esent.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\esscli.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\evconcepts.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\evntagnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\faultrep.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\faxpatch.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fdc.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\feclient.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\filefold.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\filelist.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\file_srv.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\findstr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fontext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fontview.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\footer.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp40ext.cab Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp40ext.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpencode.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ftp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxscom.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsocm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxst30.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gameenum.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gckernel.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\glu32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\guitrn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\guitrn_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\h323cc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hal.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hal.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halaacpi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halacpi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halapic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halmacpi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halmps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hardware.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hccoin.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hdwwiz.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hh.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hiddigi.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidir.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidphone.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidserv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidserv.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hostmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\howto.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hschelp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hscxpsp1.cab Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\htui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xnt5.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp0.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp1.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp2.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp3.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp4.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv0.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv1.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv2.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv3.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv4.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iac25_32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iasrad.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icaapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iccvid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icmp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iconlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ics.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwconn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwdial.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwdl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\idq.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ie.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieaccess.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieaksie.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iedkcs32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iepeers.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iernonce.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iesetup.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieuinit.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iexplore.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ifmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iis.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ils.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imaadp32.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imapi.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imapi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imekr61.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imekrmbx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imeshare.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imgutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjp81.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjp81k.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpcd.dic Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpcic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpcus.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpdct.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpdct.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpdsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpinst.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjprw.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjputy.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjputyc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ims.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ims.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetcfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetcpl.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetmib1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetpp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetppui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetpref.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\infrared.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\initpki.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.hlp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inseng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\instcat.sql Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\intelide.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\intl.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\intl.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipconf.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipnat.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ippromon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0002.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0004.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0005.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0006.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0007.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0008.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0009.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0010.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0011.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0012.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0014.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0016.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_util.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iprip.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsecconcepts.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsecsnp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsecsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsmsnap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipv6.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipv6mon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iqatbbj3.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir41_32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir41_qc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir41_qcx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir50_32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir50_qc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir50_qcx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\irenum.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\irmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\isign32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\isrdbg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\itircl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\itss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iuctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iuengine.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ivfsrc.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ixsso.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iyuv_32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\joy.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\jscript.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\jsproxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kd1394.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kerberos.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\keyboard.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\keymgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kmddsp.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kmixer.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\krnl386.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\krnlprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ks.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ks.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kscaptur.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksecdd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksfilter.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksproxy.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksuser.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksxbar.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kvv5jxb7.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kvv5jxb7.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\l3codeca.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\langbar.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\laprxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\layout.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lclmm.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\licdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\license.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\licmgr10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\licwmi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lmhsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lmmib2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lmrt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\loadperf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\locale.nls Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\localsec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\localspl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\localui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\locator.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\log.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logagent.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logo.gif Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logon.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logonui.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lpdsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lpk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lprhelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lprmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lsass.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ltmdmnt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ltotape.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\luna.msstyles Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\luna.mst Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\machine.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\makecab.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mcastmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mchgr.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciavi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciqtz32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciseq.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciwave.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mcwuz3x3.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mdac.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mdminst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mdmirmdm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\medctrro.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\memstpci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mf.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mfc42.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mfc42u.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mfcsubs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mgmtapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\micross.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\midimap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migapp.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migip.dun Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migism.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migism.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migism_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miglibnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migload.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migrate.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migsys.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miguser.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migwiz.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miniime.tpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\misc.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miscp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mlang.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmcbase.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmcndmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmcshext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmfutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmsys.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmsystem.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mnmdd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mobsync.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mode.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\modem.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\modemui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mofd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moricons.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moviemk.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moviemk.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpe.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpg2splt.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpg4dmod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpg4ds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mplayer2.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mprapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msacm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadce.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcer.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcfr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadco.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcor.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadds.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msaddsr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msader15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado20.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado21.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado25.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado26.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadomd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msador15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadp32.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadrh15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msafd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msapsspc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msaud32.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscandui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscms.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msconf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscpx32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscpxl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msctf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msctfime.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msctfp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdadc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaenum.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaer.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaipp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaora.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaorar.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaosp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaprsr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaprst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdarem.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaremr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdart.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdasc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdasql.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdasqlr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdatl3.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdatsrc.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdatt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaurl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdfmap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdmo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtclog.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdxmlc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msftedit.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgpc.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgr3en.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgrocm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgsc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgslang.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msh261.drv Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msh263.drv Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshdc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshta.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtml.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtmled.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtmler.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msident.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msidle.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msieftp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msihnd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimain.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimn.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimsg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimtf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msinfo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msinfo32.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msisip.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjro.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mskssrv.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mslbui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mslwvtts.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnetmtg.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnetobj.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnmsn.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnsspc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobcomm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobdl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobe.isp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobmain.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobshel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobshel.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobweb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoe.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoe.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoe50.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoeacct.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoeres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoert2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msorc32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msorcl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspatcha.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspclock.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspmsp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspmspsv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspqm.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msprivs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrating.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrdp.cab Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrdp.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrle32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mssap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msscds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msscp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msscript.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mst123.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstape.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstask.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstask.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstee.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstlsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstsc.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstscax.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstsweb.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msutb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msv1_0.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvbvm60.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcirt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcp60.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcrt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcrt40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvfw32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvidctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msw3prt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswebdvd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswmdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxactps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxml2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxml3.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msyuv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\muisetup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\multimed.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mup.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mutohpen.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mydocs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mymusic.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nabtsfec.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nac.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ncobjapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ncprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nddeapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nddeapir.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nddenb32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndisip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndisnpp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndiswan.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndptsp.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\net.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\net1.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netac300.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netbeac.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netbios.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netcfg.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netcfgx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netdde.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netip6.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netman.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netmeet.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netmscli.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netoc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netoc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netplwiz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netrap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netrass.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netrtsnt.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netsh.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netstat.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nettcpip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nettun.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netui0.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netui1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netupnph.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\network.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netwzc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nic1394.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nlhtml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmas.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmasnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmchat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmft.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmmkcert.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmnt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmoldwb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmwb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\notepad.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npdrmv2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npdsplay.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npptools.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npwmsdrm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nt5.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nt5inf.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntchowto.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdef.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdetect.com Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntevt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio404.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio411.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio412.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio804.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlmp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrpamp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntlanman.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntldr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntlsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmarta.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmsdba.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmsmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntoc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntprint.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntprint.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntprint.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntshrui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nusrmgr.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nusrmgr.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nv4_disp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nv4_disp.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nv4_mini.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nvct.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nvdm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nvts.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nwlnkipx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oakley.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\obeip.dun Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\objsel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\occache.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ocgen.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ocmsn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbc32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbc32gt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcbcp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcconf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcconf.rsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccp32.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccp32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccr32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccu32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcint.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcji32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcjt32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcp32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbctrac.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oddbse32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odexl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odfox32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odpdx32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odtext32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oeaccess.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oeimport.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oemiglib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\offfilt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ohci1394.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oleaut32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oledb32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oledb32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oleprn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\olepro32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oobe.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oobeutil.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\opengl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oschoice.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osk.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osloader.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osloader.ntd Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osuninst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\p3.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\packager.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\page1.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\parport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\password.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pautoenr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pchealth.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pchsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pciidex.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pcmcia.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pdh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfctrs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfdisk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfos.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfproc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm2.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm2dll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm3.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm3dd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\phon.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\phone.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\photowiz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pidgen.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pinball.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ping.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pintlgnt.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pjlmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\plyr_err.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pngfilt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pnpscsi.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\polstore.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\portcls.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\powercfg.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\powrprof.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ppa3.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\printing.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\printui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\processr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\proctexe.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\profmap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\progman.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\proquota.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\provthrd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ps5ui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\psapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\psbase.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\psched.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pscript5.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pstorec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pstorsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ptpusd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qasf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qcap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qdv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qdvd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qedit.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qedwipes.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qefx3xjv.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgr.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgrprxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\quartz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\query.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\quick.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\racpldlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ramdisk.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ramdisk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasadhlp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasauto.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\raschap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasdlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasl2tp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasman.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasmans.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasppp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\raspppoe.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rassapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rastapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rastls.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rcbdyctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rcp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdbss.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdchost.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpdd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpdr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpsnd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpwsx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\redbook.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\redir.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\reg.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regopt.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regwizc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\related.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\remasst.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\remotepg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\remotesp.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\repdrvfs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\resutils.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rexec.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\riched20.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rndismp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\romanime.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rrcm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rsaenh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rsh.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rshx32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rsmps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtcimsp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtipxmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtl8139.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtutils.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\runonce.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\s3nb.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safemode.htt Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_better.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_easier.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_faster.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safrcdlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safrdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safrslv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\samlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\samsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sapi.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\savedump.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sbe.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sbeio.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sbp2port.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scarddlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sccsccp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sceregvl.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scesrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sclgntfy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\script.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\script_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrobj.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrrun.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scsi.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scsiport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\seclogon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secrecs.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secupd.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secupd.sig Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secur32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\security.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sendcmsg.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sendcmsg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sendmail.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sens.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sensapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\serenum.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\serial.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\servdeps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\services.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sethc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setup50.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setupapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setupqry.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setup_wm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfc_os.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shdoclc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shdocvw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shell.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shfolder.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shgina.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shimeng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shimgvw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shl_img.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shscrap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shtml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shtml.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sigtab.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\simpdata.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\skeys.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\skins.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slayerxp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slbcsp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slbiop.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sl_anet.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smartcrd.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smbali.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smbbatt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smbclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smlogcfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smss.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smtpsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sniffpol.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpcl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpincl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpsmir.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpsnap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpthrd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\softkbd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sonydcam.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sorttbls.nls Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spgrmr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spider.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\splitter.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spoolss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sptip.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqloledb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqloledb.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlsrv32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlsrv32.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlunirl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlxmlx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlxmlx.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srchctls.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srchui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srclient.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srv.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srvsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sr_ui.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssdpapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sstub.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_control.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_desktop.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_ending.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_files.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_icons.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_menu.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_taskbar.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_windows.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stdprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sti.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stimon.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sti_ci.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stobject.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\storprop.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stream.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\streamip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\strmdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stub_fpsrvadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stub_fpsrvwin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\swenum.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\swflash.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\swflash.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\synceng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\syncui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysdm.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysfiles.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmod_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmon.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysoc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysrestore.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\syssetup.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\syssetup.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sys_srv.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\t2embed.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tahoma.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tahomabd.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tape.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tape.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tapi3.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmon.ini Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmonui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcptsat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdc.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\telnet.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\termdd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\termmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tffsport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\themeui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\timedate.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\times.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\timesbd.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tintlgnt.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tip.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tracert.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\triedit.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\trkwks.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.mfl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.mof Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscupgrd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsddd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tshoot.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsoc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsoc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsweb1.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tunmp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\twain_32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\udfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\udhisapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ulib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\umandlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\umpnpmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unicdime.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unidrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unidrvui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uniime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unimdm.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unimdmat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uniplat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_built.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_optimized.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_playing.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unregmp2.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\untfs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\update.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnpui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ups.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\url.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usb8023.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbaudio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbccgp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbehci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbhub.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbintel.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbohci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbport.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\user32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\useract.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\userenv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usmtdef.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usp10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\utilman.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbisurf.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbscript.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbxvfdb3.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbxvfdb3.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vdmdbg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vdmredir.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\version.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vfwwdm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vga.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vgx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\viaide.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\videoprt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\viewprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\voicepad.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\voicesub.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vssapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\w32time.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\w95upgnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wab.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wab32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wab32res.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wabfind.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wabimp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wacompen.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wanarp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\watchdog.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemcntl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemcomn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemcons.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemcore.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemdisp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemess.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemperf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemprox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wbemupgd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wdigest.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wdmaud.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\webcheck.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\webclnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\webfldrs.msi Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\webpub.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\webvw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\welcome.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\whatnewp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\whatsnew.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wiadefui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wiadss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wiascr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wiaservc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wiashext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wiavideo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\win32spl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winar30.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winbrand.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\windows.chq Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winhttp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winime.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wininet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winipsec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winmm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winntbbu.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winpy.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winscard.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winsp.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winspool.drv Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winsta.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wintrust.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winver.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\winzm.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wldap32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wlnotify.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmaccess.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmadmod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmadmoe.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmasf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmdmlog.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmdmps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiapres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiaprpl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmicookr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmidcprv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmipcima.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmipdskq.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmipiprt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmipjobj.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiprvsd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmipsess.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmiutils.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmnetmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmp.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmp.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmpcd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmpcore.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmplayer.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmplayer.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmploc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmpocm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmpshell.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmpui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmsdmod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmsdmoe.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmstream.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmv8ds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmvcore.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmvdmod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmvds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wordpad.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wow32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ws2help.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wscript.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wshcon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wshext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wship6.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wshom.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wshrm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wshtcpip.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wsnmp32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wsock32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wstcodec.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wstdecod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wtsapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wuau.adm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wuaueng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wuauhelp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\xactsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\xenroll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\xolehlp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\xpsp1res.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\yfpvn3tv.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\yfpvn3tv.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\zlndrv1f.zip Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{72DF8CB7-660F-4E45-8796-5243D8F3AE5F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP38\A0001448.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
G:\System Volume Information\_restore{45A1B5F4-E110-42CF-B22E-54C74B0A7C73}\RP38\A0001449.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

Scan process completed.




HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:16 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgg.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {b99571ea-5e67-4d04-a9aa-9cd769e17a1b} - (no file)
O2 - BHO: (no name) - {C2AB80D4-4791-4920-B970-AF349AED4022} - (no file)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploaderXP.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.27.100.83/activex/AxisCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: jkkheca - C:\WINDOWS\
O20 - Winlogon Notify: lfpror - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10526 bytes

#10 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 02 March 2008 - 11:39 AM

Hello,

:thumbsup: Click START then RUN;
Now type Combofix /u in the runbox and click OK


:blink: Please download again the ComboFix from Here or Here to your Desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

Regards
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#11 RockOn81Impala

RockOn81Impala
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 02 March 2008 - 12:23 PM

ComboFix Log:
ComboFix 08-03-01.3 - Danni 2008-03-02 12:00:58.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.599 [GMT -5:00]
Running from: C:\Documents and Settings\Danni\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-02 11:55 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe
2008-02-29 20:04 . 2005-11-10 13:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-02-29 14:07 . 2008-02-29 14:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-29 14:07 . 2008-02-29 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-29 13:59 . 2008-02-29 13:59 <DIR> d-------- C:\Program Files\Sun
2008-02-29 13:51 . 2008-02-29 13:51 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-26 15:49 . 2008-02-26 15:49 <DIR> d-------- C:\Program Files\Infogrames
2008-02-16 18:40 . 2008-02-24 23:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-16 18:40 . 2008-02-16 18:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 17:14 . 2008-02-16 16:26 <DIR> d-------- C:\Program Files\QuickTime
2008-02-08 17:25 . 2008-02-08 17:25 4,096 --a------ C:\WINDOWS\d3dx.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-01 01:04 --------- d-----w C:\Program Files\Java
2008-02-26 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 20:41 --------- d-----w C:\Documents and Settings\Danni\Application Data\GetRightToGo
2008-02-16 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 21:30 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-15 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 05:23 --------- d-----w C:\Program Files\Activision Value
2008-01-30 23:35 --------- d-----w C:\Program Files\Miranda IM
2008-01-30 23:31 --------- d-----w C:\Documents and Settings\Danni\Application Data\Miranda
2008-01-16 21:55 --------- d-----w C:\Program Files\Hunting Unlimited 2008
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-10 04:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-09 16:56 --------- d-----w C:\Documents and Settings\Danni\Application Data\ImgBurn
2008-01-09 04:08 --------- d-----w C:\Program Files\Visioneer OneTouch
2008-01-07 19:35 --------- d-----w C:\Program Files\Trend Micro
2008-01-07 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-07 00:17 --------- d-----w C:\Program Files\AIM6
2008-01-07 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-03 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-03 17:21 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-02 20:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-02 18:13 --------- d-----w C:\Program Files\Yahoo!
2008-01-02 04:46 --------- d-----w C:\Documents and Settings\Loren\Application Data\Yahoo!
2007-12-29 16:57 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-21 04:36 417,792 ----a-w C:\WINDOWS\iwexec.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 23:16 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 18:38 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2007-09-24 01:52 43,384 ----a-w C:\Documents and Settings\Danni\Application Data\GDIPFONTCACHEV1.DAT
2001-10-16 12:10 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll
2001-10-02 12:58 36,864 -c--a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2001-09-28 12:00 139,264 -c--a-w C:\WINDOWS\inf\i386\Rtscan.dll
2001-09-27 12:11 167,936 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2002-06-25 21:48 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 04:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 04:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 04:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 04:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 04:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 04:56 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b99571ea-5e67-4d04-a9aa-9cd769e17a1b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2AB80D4-4791-4920-B970-AF349AED4022}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-03 12:21 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-12-29 11:57 1626112 C:\WINDOWS\system32\nwiz.exe]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [ ]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-02 15:23 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-01-02 15:23 771440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-02 15:23 583048]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkheca]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lfpror]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-23 06:24]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 22:10:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 01:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Danni.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 12:05:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 12:07:24
ComboFix2.txt 2008-02-28 21:22:30
.
2008-02-13 23:08:19 --- E O F ---




HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:58 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {b99571ea-5e67-4d04-a9aa-9cd769e17a1b} - (no file)
O2 - BHO: (no name) - {C2AB80D4-4791-4920-B970-AF349AED4022} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F18FFF5-85B9-4378-A1B4-06743830EC70} (WAPUploaderAX Class) - http://www.web-a-photo.com/WebaphotoUploaderXP.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.27.100.83/activex/AxisCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: jkkheca - C:\WINDOWS\
O20 - Winlogon Notify: lfpror - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10099 bytes

#12 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 05 March 2008 - 08:13 AM

Hello Sorry for delay,
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    • Posted Image
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
Now, please download again ComboFix (new version) from Here or Here to your Desktop.


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b99571ea-5e67-4d04-a9aa-9cd769e17a1b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2AB80D4-4791-4920-B970-AF349AED4022}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkheca]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lfpror]
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post them along with a new HijackThis log.
Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall
[/quote]
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#13 RockOn81Impala

RockOn81Impala
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 09 March 2008 - 05:52 PM

Hi, sorry for my own delay, college has been crazy this past week.

I attempted to type ComboFix /u in the runbox and got this: Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and try again. To search for a file, click the Start button, and then click Search.

That's weird because when you had me do this before it worked fine... :thumbsup:

#14 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 11 March 2008 - 05:36 PM

Hello,

1. Go to Start Run type: regedit OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to File Export
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click save and then go to File Exit.
2. Please download SWReg and save it somewhere you like.
  • Launch Notepad, and copy/paste the box below into a new text file.
  • Save it as Lookreg.bat and save it in the same folder as where you saved SWReg.
SWREG ACL HKLM\software\microsoft\windows\currentversion\app paths\combofix.exe /s > result.txt
notepad result.txt
  • Locate Lookreg.bat in that folder and double-click on it.
  • In the end Notepad will open with some text. Please post that here.
Thanks
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#15 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:06:45 AM

Posted 17 March 2008 - 02:14 PM

This topic is now closed for inactivity, if you need this thread re-opened please send a Private Message to any moderator.
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users