
Vundomonde,trojan-downloader.win32 And Others



#1 serenity_Ash


Posted 08 June 2008 - 12:17 AM

OK, I have tried several things and I know really nothing on this, so hopefully I did it all right, 'cause the first time it said I had an older version of HijackThis for the DSS even though I just got that. This computer is protected by Prevx 2.0.

(Moderator edit: abbreviated Topic Title to adjust for forum list readability. jgweed)

Edit note: it was Virtumonde, not Vundomonde. Sorry for the confusion.


1. Ran ATF Cleaner on both Firefox and IE

2. Ran Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 08, 2008 12:22:17 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/06/2008
Kaspersky Anti-Virus database records: 838150
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 174252
Number of viruses found: 13
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 03:38:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Pearl KasaKaitas\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-46511a7b/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pearl KasaKaitas\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-46511a7b/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pearl KasaKaitas\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-46511a7b/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Pearl KasaKaitas\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-46511a7b ZIP: infected - 3 skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000758.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000759.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000760.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000761.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000762.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000763.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000764.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000765.ocx Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000766.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000767.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000768.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000769.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000770.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000771.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000772.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000773.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP15\A0000774.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000781.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000782.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000783.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000784.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000785.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000786.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000787.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000788.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000789.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000790.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000791.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000792.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000793.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000794.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000795.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000796.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000797.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000798.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000799.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000800.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP16\A0000801.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000808.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000809.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000810.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000811.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000812.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000813.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000814.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000815.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000816.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000817.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000818.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000819.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000820.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000821.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000822.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000823.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000824.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000825.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000826.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000827.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000828.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000829.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP17\A0000830.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000839.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000840.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000841.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000842.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000843.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000844.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000845.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000846.ocx Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000847.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000848.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000849.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000850.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000851.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP18\A0000852.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000859.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000860.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000861.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000862.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000863.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000864.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000865.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000866.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000867.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000868.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000869.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000870.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000871.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000872.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000873.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000874.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000875.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000876.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000877.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000878.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP19\A0000879.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000888.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000889.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000890.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000891.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000892.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000893.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000894.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000895.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000896.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000897.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000898.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000899.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000900.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000901.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000902.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000903.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000904.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000905.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000906.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000907.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP20\A0000908.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000929.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000930.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000931.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000932.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000933.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000934.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000935.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000936.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000937.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000938.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000939.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000940.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000941.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000942.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000943.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000944.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000945.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000946.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000947.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000948.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP21\A0000949.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000956.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000957.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000958.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000959.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000960.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000961.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000962.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000963.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000964.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000965.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000966.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000967.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000968.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000969.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000970.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000971.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000972.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000973.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000974.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000975.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP22\A0000976.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000983.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000984.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000985.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000986.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000987.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000988.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000989.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000990.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP23\A0000991.cnv Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0000998.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0000999.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001000.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001001.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001002.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001003.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001004.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001005.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001006.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001007.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001008.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001009.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001010.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001011.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001012.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001013.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001014.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001015.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001016.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001017.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP24\A0001018.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001027.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001028.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001029.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001030.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001031.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001032.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001033.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001034.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001035.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001036.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001037.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001038.sys Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001039.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001040.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001041.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001042.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001043.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001044.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001045.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001046.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001047.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001048.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP25\A0001049.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001131.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001132.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001133.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001134.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001135.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001136.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001137.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001138.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001139.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001140.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001141.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001142.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001143.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001144.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001145.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001146.ver Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001147.inf Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001148.cat Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001149.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001150.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001151.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001152.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001153.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001154.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001155.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001156.dll Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP26\A0001157.exe Object is locked skipped
C:\System Volume Information\_restore{1EA804B9-9BB5-4347-BAD0-C39BF5DA8A98}\RP31\A0001787.exe Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\System Volume Information\_restore{C53EAE1E-743F-4EC2-B15B-0FBD5A2A2E62}\RP1\A0000015.exe Infected: Trojan-Dropper.Win32.Mudrop.o skipped
C:\VundoFix Backups\bcsisiad.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\bhiyyplx.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\cnsshdse.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\ddabb.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\VundoFix Backups\dycgfxok.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\dytkcsdt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\VundoFix Backups\edyiapht.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\efqmnsvo.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\VundoFix Backups\imnosfpq.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\kkmtnlqw.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\kwltlqqd.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\plitfriv.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\VundoFix Backups\qhncbxck.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\rdbvswqn.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\VundoFix Backups\rrxqsvvv.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\sowqiepi.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\VundoFix Backups\ssttq.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\VundoFix Backups\vmvdacip.dll.bad Infected: Trojan.Win32.Pakes.bwd skipped
C:\VundoFix Backups\wbtetdoy.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\wuoacjli.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\VundoFix Backups\wvcqanpr.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\VundoFix Backups\wvuspnl.dll.bad Infected: Trojan.Win32.Monder.gen skipped
C:\_OTMoveIt\MovedFiles\05272008_200307\Program Files\Common Files\rbdhjdjn\rcnlnfntpd\fptndnlfb.exe Infected: not-a-virus:AdWare.Win32.Gator.a skipped
C:\_OTMoveIt\MovedFiles\05272008_200307\Program Files\Common Files\rbdhjdjn\tdrlpnap\nrtpdnej.exe Infected: not-a-virus:AdWare.Win32.Gator.a skipped
C:\_OTMoveIt\MovedFiles\05272008_200307\WINDOWS\iClearSearch\AAAP026.0XE Infected: Backdoor.Win32.Ruledor.c skipped
C:\_OTMoveIt\MovedFiles\05272008_200307\WINDOWS\iNetPal\3ASAVERS_34YF28FG.0XE Infected: Trojan-Dropper.Win32.Mudrop.o skipped
C:\_OTMoveIt\MovedFiles\05272008_200307\WINDOWS\system32\34yf28fg.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped

Scan process completed.


2. RAN DSS after installing the new version of Hijackthis

Deckard's System Scanner v20071014.68
Run by Pearl KasaKaitas on 2008-06-08 01:15:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Pearl KasaKaitas.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:02 AM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Pearl KasaKaitas\Desktop\virus stuff\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pearl KasaKaitas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://207.67.84.157/home/SonySncRz30View.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8892 bytes

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 01:02:27 0 d-------- C:\Program Files\Trend Micro
2008-06-04 22:39:27 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Flood Light Games
2008-06-04 22:39:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games
2008-06-04 17:30:53 0 d-------- C:\Program Files\PrintMaster Scrapbook Creator
2008-06-04 17:27:12 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-06-04 17:26:49 147456 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr <Not Verified; ArcSoft, Inc.; PhotoBase Screen Saver>
2008-06-04 16:40:23 3186688 --a------ C:\WINDOWS\system32\cdintf300.dll <Not Verified; Amyuni Technologies http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-04 16:40:23 3186688 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Amyuni Technologies http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-04 16:38:01 0 d-------- C:\Program Files\PrintMaster Platinum 18
2008-06-01 20:21:44 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Ludia
2008-06-01 20:21:44 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-06-01 12:04:33 0 d-------- C:\Program Files\PopCap Games
2008-05-27 20:07:11 0 d------c- C:\fsaua.data
2008-05-26 21:35:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-26 21:35:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 20:02:40 0 d------c- C:\games from kelly
2008-05-26 16:43:06 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 15:54:54 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-26 15:54:54 2559 --a------ C:\WINDOWS\unins000.dat
2008-05-26 15:31:25 0 d-------- C:\Program Files\Sun
2008-05-26 15:03:04 0 d-------- C:\Program Files\Java
2008-05-26 14:32:11 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Talkback
2008-05-26 14:31:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-26 14:31:47 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Mozilla
2008-05-26 12:23:59 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Malwarebytes
2008-05-26 12:23:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-26 12:23:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 23:16:04 0 d------c- C:\2b11c9ee484a6149e82174ae


-- Find3M Report ---------------------------------------------------------------

2008-06-08 01:15:20 0 d-------- C:\Program Files\Prevx2
2008-06-06 12:43:15 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\WeatherBug
2008-06-05 17:03:12 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-05 14:12:34 0 d-------- C:\Program Files\Cosmi
2008-06-04 23:01:27 0 d-------- C:\Program Files\Oberon Media
2008-06-04 17:30:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 17:27:12 0 d-------- C:\Program Files\Common Files
2008-06-04 17:26:27 0 d-------- C:\Program Files\ArcSoft
2008-06-04 16:40:33 0 d-------- C:\Program Files\Web Publish
2008-06-04 16:38:17 0 d-------- C:\Program Files\Common Files\Broderbund
2008-06-01 20:28:05 0 d-------- C:\Program Files\Disney Interactive
2008-06-01 20:25:59 0 d-------- C:\Program Files\Coupons
2008-06-01 20:21:22 70 --a------ C:\WINDOWS\popcinfot.dat
2008-05-26 17:16:40 0 d-------- C:\Program Files\BFG
2008-05-05 18:25:25 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Google
2008-05-05 15:09:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-05 15:09:18 0 d-------- C:\Program Files\Common Files\Real
2008-05-01 16:09:07 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Pogo Games
2008-04-30 09:25:57 0 d-------- C:\Program Files\QuickTime
2008-04-21 16:46:10 0 d-------- C:\Program Files\Game Rival
2008-04-19 19:05:42 0 d-------- C:\Program Files\GameHouse
2008-04-19 18:03:23 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\My Games
2008-04-19 10:08:30 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\GameHouse
2008-04-06 12:12:16 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [11/10/2003 04:06 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [09/13/2004 12:51 PM]
"CTHelper"="CTHELPER.EXE" [06/19/2003 11:55 PM C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/04/2004 03:56 AM C:\WINDOWS\system32\regsvr32.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [07/11/2002 08:06 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [12/09/2004 04:51 AM]
"Windows Automation"="mslaugh.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [01/23/2008 12:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [07/17/2007 01:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 03:02 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [05/06/2004 03:14 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [06/16/2006 02:38 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 18\Remind.exe [9/9/2007 3:36:02 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp instant support.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk
backup=C:\WINDOWS\pss\hp instant support.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc




-- End of Deckard's System Scanner: finished at 2008-06-08 01:16:53 ------------

3. uninstalled java and installed new one



Just wanted to say many thanks ahead of time and if you can keep the directions semi simple it would be so much appreciated

serenity

Edited by jgweed, 13 June 2008 - 08:14 AM.



#2 SifuMike


Posted 13 June 2008 - 12:57 AM

Hello serenity_Ash,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world. :thumbsup:

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

After you do that, then post the DSS main.txt and Extra.txt logs. Thanks. :)
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 serenity_Ash


Posted 14 June 2008 - 10:02 PM

ok i took off prevx 2.0 which was my antivirus program and put on your recommendation of avast


here is the DSS and it doesn't give me an extra.txt - only main

Deckard's System Scanner v20071014.68
Run by Pearl KasaKaitas on 2008-06-14 22:59:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Pearl KasaKaitas.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:54 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pearl KasaKaitas\Desktop\virus stuff\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PEARLK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://207.67.84.157/home/SonySncRz30View.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9498 bytes

-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 15:25:51 0 d-------- C:\Program Files\Alwil Software
2008-06-08 01:02:27 0 d-------- C:\Program Files\Trend Micro
2008-06-04 22:39:27 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Flood Light Games
2008-06-04 22:39:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games
2008-06-04 17:30:53 0 d-------- C:\Program Files\PrintMaster Scrapbook Creator
2008-06-04 17:27:12 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-06-04 17:26:49 147456 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr <Not Verified; ArcSoft, Inc.; PhotoBase Screen Saver>
2008-06-04 16:40:23 3186688 --a------ C:\WINDOWS\system32\cdintf300.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-04 16:40:23 3186688 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-04 16:38:01 0 d-------- C:\Program Files\PrintMaster Platinum 18
2008-06-01 20:21:44 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Ludia
2008-06-01 20:21:44 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-06-01 12:04:33 0 d-------- C:\Program Files\PopCap Games
2008-05-27 20:07:11 0 d------c- C:\fsaua.data
2008-05-26 21:35:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-26 21:35:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 20:02:40 0 d------c- C:\games from kelly
2008-05-26 16:43:06 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 15:54:54 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-26 15:54:54 2559 --a------ C:\WINDOWS\unins000.dat
2008-05-26 15:31:25 0 d-------- C:\Program Files\Sun
2008-05-26 15:03:04 0 d-------- C:\Program Files\Java
2008-05-26 14:32:11 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Talkback
2008-05-26 14:31:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-26 14:31:47 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Mozilla
2008-05-26 12:23:59 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Malwarebytes
2008-05-26 12:23:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-26 12:23:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 23:16:04 0 d------c- C:\2b11c9ee484a6149e82174ae


-- Find3M Report ---------------------------------------------------------------

2008-06-08 18:28:27 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-06 12:43:15 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\WeatherBug
2008-06-05 14:12:34 0 d-------- C:\Program Files\Cosmi
2008-06-04 23:01:27 0 d-------- C:\Program Files\Oberon Media
2008-06-04 17:30:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 17:27:12 0 d-------- C:\Program Files\Common Files
2008-06-04 17:26:27 0 d-------- C:\Program Files\ArcSoft
2008-06-04 16:40:33 0 d-------- C:\Program Files\Web Publish
2008-06-04 16:38:17 0 d-------- C:\Program Files\Common Files\Broderbund
2008-06-01 20:28:05 0 d-------- C:\Program Files\Disney Interactive
2008-06-01 20:25:59 0 d-------- C:\Program Files\Coupons
2008-06-01 20:21:22 70 --a------ C:\WINDOWS\popcinfot.dat
2008-05-26 17:16:40 0 d-------- C:\Program Files\BFG
2008-05-05 18:25:25 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Google
2008-05-05 15:09:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-05 15:09:18 0 d-------- C:\Program Files\Common Files\Real
2008-05-01 16:09:07 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Pogo Games
2008-04-30 09:25:57 0 d-------- C:\Program Files\QuickTime
2008-04-21 16:46:10 0 d-------- C:\Program Files\Game Rival
2008-04-19 19:05:42 0 d-------- C:\Program Files\GameHouse
2008-04-19 18:03:23 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\My Games
2008-04-19 10:08:30 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\GameHouse
2008-04-06 12:12:16 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [11/10/2003 04:06 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [09/13/2004 12:51 PM]
"CTHelper"="CTHELPER.EXE" [06/19/2003 11:55 PM C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/04/2004 03:56 AM C:\WINDOWS\system32\regsvr32.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [07/11/2002 08:06 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [12/09/2004 04:51 AM]
"Windows Automation"="mslaugh.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [07/17/2007 01:05 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 03:02 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [05/06/2004 03:14 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [06/16/2006 02:38 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 18\Remind.exe [9/9/2007 3:36:02 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp instant support.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk
backup=C:\WINDOWS\pss\hp instant support.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER



-- End of Deckard's System Scanner: finished at 2008-06-14 23:00:35 ------------

#4 SifuMike


Posted 14 June 2008 - 10:15 PM

Hi serenity_Ash,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your AVAST Antivirus, and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

To disable avast antivirus:
Right click on the avast! icon in system tray and choose (Stop On-Access Protection)


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

#5 SifuMike


Posted 14 June 2008 - 10:33 PM

Hi serenity_Ash,


I think you thought Prevx2 was an antivirus program. It is an anti malware program. :thumbsup:
I looked up Prevx2 and found this:

Prevx 2.0 Antimalware
Provides strong anti-malware protection and works in conjunction with all major security products.
Prevx2.0 improves your existing security by providing protection against the very latest Spyware, Rootkits, Trojans, Viruses, Bots, Adware and Password Stealers - collectively known as Malware.



So after we have your computer clean, it is OK to install Prevx 2 antimalware again. It will work ok with AVAST antivirus and Spybot.

#6 serenity_Ash


Posted 15 June 2008 - 01:26 PM

ComboFix 08-06-12.2 - Pearl KasaKaitas 2008-06-15 4:28:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.237 [GMT -4:00]
Running from: C:\Documents and Settings\Pearl KasaKaitas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pearl KasaKaitas\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Pearl KasaKaitas\Application Data\macromedia\Flash Player\#SharedObjects\WP67S3AU\www.broadcaster.com
C:\Documents and Settings\Pearl KasaKaitas\Application Data\macromedia\Flash Player\#SharedObjects\WP67S3AU\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Pearl KasaKaitas\Application Data\macromedia\Flash Player\#SharedObjects\WP67S3AU\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Pearl KasaKaitas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Pearl KasaKaitas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\adcxiitl.ini
C:\WINDOWS\system32\cmnrkrns.ini
C:\WINDOWS\system32\ebackaab.ini
C:\WINDOWS\system32\iljcaouw.ini
C:\WINDOWS\system32\im64.dll
C:\WINDOWS\system32\isbqyxlc.ini
C:\WINDOWS\system32\iwfnvqis.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oihsxavm.ini
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\wplyldwe.ini
C:\WINDOWS\system32\yiioeqkm.ini
C:\WINDOWS\system32\yodtetbw.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 15:25 . 2008-06-14 15:25 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-08 01:02 . 2008-06-08 01:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 22:39 . 2008-06-04 22:39 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Flood Light Games
2008-06-04 22:39 . 2008-06-04 22:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games
2008-06-04 17:30 . 2008-06-04 17:34 <DIR> d-------- C:\Program Files\PrintMaster Scrapbook Creator
2008-06-04 17:27 . 2008-06-04 17:29 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-06-04 17:26 . 2004-08-04 07:52 413,696 -ra------ C:\WINDOWS\system32\msvcd67a.rra
2008-06-04 17:26 . 2006-12-18 15:43 147,456 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr
2008-06-04 16:40 . 2007-07-19 13:07 3,186,688 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-06-04 16:40 . 2007-07-19 13:07 3,186,688 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-06-04 16:38 . 2008-06-04 16:49 <DIR> d-------- C:\Program Files\PrintMaster Platinum 18
2008-06-01 20:21 . 2008-06-01 20:21 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Ludia
2008-06-01 20:21 . 2008-06-01 20:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-06-01 12:04 . 2008-06-01 19:20 <DIR> d-------- C:\Program Files\PopCap Games
2008-05-27 20:07 . 2008-05-27 20:07 <DIR> d----c--- C:\fsaua.data
2008-05-27 20:03 . 2008-05-27 20:03 <DIR> d----c--- C:\_OTMoveIt
2008-05-26 22:24 . 2008-05-26 22:24 <DIR> d----c--- C:\Deckard
2008-05-26 21:35 . 2008-05-26 21:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 21:35 . 2008-05-26 21:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-26 20:02 . 2008-05-26 20:04 <DIR> d----c--- C:\games from kelly
2008-05-26 16:43 . 2008-05-26 16:43 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 15:31 . 2008-05-26 15:31 <DIR> d-------- C:\Program Files\Sun
2008-05-26 15:31 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-26 15:03 . 2008-05-26 15:31 <DIR> d-------- C:\Program Files\Java
2008-05-26 14:58 . 2008-05-26 14:58 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-26 14:32 . 2008-05-26 14:32 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Talkback
2008-05-26 14:31 . 2008-05-26 14:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-26 12:24 . 2008-06-05 17:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-26 12:24 . 2008-06-05 17:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 12:23 . 2003-01-01 00:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 12:23 . 2008-05-26 12:23 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Malwarebytes
2008-05-26 12:23 . 2008-05-26 12:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-16 23:16 . 2008-05-16 23:17 <DIR> d----c--- C:\2b11c9ee484a6149e82174ae

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 08:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-15 08:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-14 19:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-06-06 22:18 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-06 16:43 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\WeatherBug
2008-06-05 18:12 --------- d-----w C:\Program Files\Cosmi
2008-06-05 03:01 --------- d-----w C:\Program Files\Oberon Media
2008-06-04 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:26 --------- d-----w C:\Program Files\ArcSoft
2008-06-04 20:40 --------- d-----w C:\Program Files\Web Publish
2008-06-04 20:38 --------- d-----w C:\Program Files\Common Files\Broderbund
2008-06-02 00:28 --------- d-----w C:\Program Files\Disney Interactive
2008-06-02 00:25 --------- d-----w C:\Program Files\Coupons
2008-06-01 23:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop Games
2008-05-26 21:16 --------- d-----w C:\Program Files\BFG
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 19:09 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-05 19:09 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 19:08 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-05 19:08 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-01 20:09 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\Pogo Games
2008-04-30 13:25 --------- d-----w C:\Program Files\QuickTime
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 20:46 --------- d-----w C:\Program Files\Game Rival
2008-04-19 23:05 --------- d-----w C:\Program Files\GameHouse
2008-04-19 22:03 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\My Games
2008-04-19 14:08 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\GameHouse
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2005-01-07 19:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20 143,360 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2003-03-31 12:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 -csh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 -csh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 -csh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 15:02 1343488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 15:14 772096]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-06-16 14:38 5324584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 12:51 1450096]
"CTHelper"="CTHELPER.EXE" [2003-06-19 23:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 03:56 11776 C:\WINDOWS\system32\regsvr32.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 08:06 188416]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2004-12-09 04:51 3895296]
"Windows Automation"="mslaugh.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 13:05 64000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2002-12-03 03:56 49152 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 18\Remind.exe [2007-09-09 15:36:02 344064]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp instant support.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk
backup=C:\WINDOWS\pss\hp instant support.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
--a--c--- 2004-04-20 16:17 1122816 C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-05-28 01:05 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2003-06-12 09:47 135168 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-05-08 05:17 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-05 15:08 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\InterVideo\\MSIPVS\\WinDvr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-02-20 12:03]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-02-03 16:04]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 04:35:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-15 4:45:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 08:44:04

Pre-Run: 82,272,350,208 bytes free
Post-Run: 82,185,216,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

228 --- E O F --- 2008-06-11 13:45:07




and okay will do that after we fix this - again ty so much for helping

sere

#7 SifuMike

SifuMike

    malware expert



Posted 15 June 2008 - 02:24 PM

Hi serenity_Ash,

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

Folder:: 
C:\Program Files\Coupons

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Automation"=-


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
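One way to check that a CFScript like the one above did what it was meant to, added here as an example (not code from the thread or from ComboFix): parse the "Reg Loading Points" Run entries of the before and after logs and compare them against the script's `"name"=-` deletions. The log excerpts are copied from this thread; the function names are hypothetical, and reading an empty `[]` as "the log recorded no date or size for the target" is an assumption about ComboFix's output format.

```python
import re

# A [HK...] header, an autorun entry with its trailing [metadata], and a .reg-style delete.
SECTION = re.compile(r'^\[(HK[^\]]+)\]\s*$')
ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
DELETE = re.compile(r'^"(?P<name>[^"]+)"=-\s*$')

# Excerpts copied from the logs and script in this thread (trimmed to a few entries).
BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 12:51 1450096]
"CTHelper"="CTHELPER.EXE" [2003-06-19 23:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Windows Automation"="mslaugh.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 12:51 1450096]
"CTHelper"="CTHELPER.EXE" [2003-06-19 23:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-28 01:05 282624]
'''

CFSCRIPT = r'''
Folder::
C:\Program Files\Coupons

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Automation"=-
'''


def _walk(text):
    """Yield (upper-cased registry key, line) for lines under a [HK...] header.

    A blank line ends the current section, which matches how both the log
    and the script separate their blocks.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            key = header.group(1).upper()
        elif not line:
            key = None
        elif key:
            yield key, line


def parse_autoruns(log):
    """Return {(key, value_name): {'cmd': str, 'resolved': bool}} for Run/RunOnce keys."""
    entries = {}
    for key, line in _walk(log):
        if not key.endswith(("\\RUN", "\\RUNONCE")):
            continue
        m = ENTRY.match(line)
        if m:
            entries[(key, m.group("name"))] = {
                "cmd": m.group("cmd"),
                # Assumption: empty brackets mean no file details were logged.
                "resolved": bool(m.group("meta").strip()),
            }
    return entries


def cfscript_deletions(script):
    """Return the set of (key, value_name) pairs the script deletes with "name"=-."""
    return {(key, m.group("name"))
            for key, line in _walk(script)
            for m in [DELETE.match(line)] if m}


def verify_fix(script, before_log, after_log):
    """Compare autoruns across the two logs and check the script's targets are gone."""
    before, after = parse_autoruns(before_log), parse_autoruns(after_log)
    return {
        "still_present": sorted(cfscript_deletions(script) & after.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "unresolved_before": sorted(k for k, v in before.items() if not v["resolved"]),
    }


if __name__ == "__main__":
    for label, items in verify_fix(CFSCRIPT, BEFORE, AFTER).items():
        print(label, items)
```

An entry under `added` is not proof of a problem on its own; it is a prompt to confirm where the new autorun came from before the machine is declared clean.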

#8 serenity_Ash

serenity_Ash

Posted 15 June 2008 - 05:58 PM

combofix log

ComboFix 08-06-12.2 - Pearl KasaKaitas 2008-06-15 18:00:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.215 [GMT -4:00]
Running from: C:\Documents and Settings\Pearl KasaKaitas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pearl KasaKaitas\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Coupons
C:\Program Files\Coupons\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 15:25 . 2008-06-14 15:25 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-08 01:02 . 2008-06-08 01:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 22:39 . 2008-06-04 22:39 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Flood Light Games
2008-06-04 22:39 . 2008-06-04 22:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games
2008-06-04 17:30 . 2008-06-04 17:34 <DIR> d-------- C:\Program Files\PrintMaster Scrapbook Creator
2008-06-04 17:27 . 2008-06-04 17:29 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-06-04 17:26 . 2004-08-04 07:52 413,696 -ra------ C:\WINDOWS\system32\msvcd67a.rra
2008-06-04 17:26 . 2006-12-18 15:43 147,456 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr
2008-06-04 16:40 . 2007-07-19 13:07 3,186,688 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-06-04 16:40 . 2007-07-19 13:07 3,186,688 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-06-04 16:38 . 2008-06-04 16:49 <DIR> d-------- C:\Program Files\PrintMaster Platinum 18
2008-06-01 20:21 . 2008-06-01 20:21 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Ludia
2008-06-01 20:21 . 2008-06-01 20:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-06-01 12:04 . 2008-06-01 19:20 <DIR> d-------- C:\Program Files\PopCap Games
2008-05-27 20:07 . 2008-05-27 20:07 <DIR> d----c--- C:\fsaua.data
2008-05-27 20:03 . 2008-05-27 20:03 <DIR> d----c--- C:\_OTMoveIt
2008-05-26 22:24 . 2008-05-26 22:24 <DIR> d----c--- C:\Deckard
2008-05-26 21:35 . 2008-05-26 21:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 21:35 . 2008-05-26 21:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-26 20:02 . 2008-05-26 20:04 <DIR> d----c--- C:\games from kelly
2008-05-26 16:43 . 2008-05-26 16:43 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 15:31 . 2008-05-26 15:31 <DIR> d-------- C:\Program Files\Sun
2008-05-26 15:31 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-26 15:03 . 2008-05-26 15:31 <DIR> d-------- C:\Program Files\Java
2008-05-26 14:58 . 2008-05-26 14:58 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-26 14:32 . 2008-05-26 14:32 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Talkback
2008-05-26 14:31 . 2008-05-26 14:31 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-26 12:24 . 2008-06-05 17:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-26 12:24 . 2008-06-05 17:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 12:23 . 2003-01-01 00:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 12:23 . 2008-05-26 12:23 <DIR> d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Malwarebytes
2008-05-26 12:23 . 2008-05-26 12:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-16 23:16 . 2008-05-16 23:17 <DIR> d----c--- C:\2b11c9ee484a6149e82174ae

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 08:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-15 08:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-14 19:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-06-06 22:18 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-06 16:43 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\WeatherBug
2008-06-05 18:12 --------- d-----w C:\Program Files\Cosmi
2008-06-05 03:01 --------- d-----w C:\Program Files\Oberon Media
2008-06-04 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 21:26 --------- d-----w C:\Program Files\ArcSoft
2008-06-04 20:40 --------- d-----w C:\Program Files\Web Publish
2008-06-04 20:38 --------- d-----w C:\Program Files\Common Files\Broderbund
2008-06-02 00:28 --------- d-----w C:\Program Files\Disney Interactive
2008-06-01 23:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop Games
2008-05-26 21:16 --------- d-----w C:\Program Files\BFG
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 19:09 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-05 19:09 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 19:08 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-05 19:08 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-01 20:09 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\Pogo Games
2008-04-30 13:25 --------- d-----w C:\Program Files\QuickTime
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 20:46 --------- d-----w C:\Program Files\Game Rival
2008-04-19 23:05 --------- d-----w C:\Program Files\GameHouse
2008-04-19 22:03 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\My Games
2008-04-19 14:08 --------- d-----w C:\Documents and Settings\Pearl KasaKaitas\Application Data\GameHouse
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2005-01-07 19:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20 143,360 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2003-03-31 12:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 -csh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 -csh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 -csh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2006-04-07 15:02 1343488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 15:14 772096]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-06-16 14:38 5324584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-13 12:51 1450096]
"CTHelper"="CTHELPER.EXE" [2003-06-19 23:55 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 03:56 11776 C:\WINDOWS\system32\regsvr32.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 08:06 188416]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2004-12-09 04:51 3895296]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 13:05 64000]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-28 01:05 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2002-12-03 03:56 49152 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 18\Remind.exe [2007-09-09 15:36:02 344064]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp instant support.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk
backup=C:\WINDOWS\pss\hp instant support.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
--a--c--- 2004-04-20 16:17 1122816 C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-05-28 01:05 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2003-06-12 09:47 135168 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-05-08 05:17 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-05 15:08 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\InterVideo\\MSIPVS\\WinDvr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-02-20 12:03]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-02-03 16:04]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 18:03:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 18:07:09
ComboFix-quarantined-files.txt 2008-06-15 22:06:34
ComboFix2.txt 2008-06-15 08:45:10

Pre-Run: 82,177,015,808 bytes free
Post-Run: 82,181,156,864 bytes free

188 --- E O F --- 2008-06-11 13:45:07



dss log

Deckard's System Scanner v20071014.68
Run by Pearl KasaKaitas on 2008-06-15 18:56:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Pearl KasaKaitas.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:28 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pearl KasaKaitas\Desktop\virus stuff\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PEARLK~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 18\Remind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://207.67.84.157/home/SonySncRz30View.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8596 bytes

-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 18:03:07 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-15 04:28:35 0 d------c- C:\cmdcons
2008-06-15 04:27:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 04:27:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 04:27:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 04:27:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 04:27:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 04:27:38 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 04:27:38 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 04:27:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-14 15:25:51 0 d-------- C:\Program Files\Alwil Software
2008-06-08 01:02:27 0 d-------- C:\Program Files\Trend Micro
2008-06-04 22:39:27 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Flood Light Games
2008-06-04 22:39:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games
2008-06-04 17:30:53 0 d-------- C:\Program Files\PrintMaster Scrapbook Creator
2008-06-04 17:27:12 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-06-04 17:26:49 147456 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr <Not Verified; ArcSoft, Inc.; PhotoBase Screen Saver>
2008-06-04 16:40:23 3186688 --a------ C:\WINDOWS\system32\cdintf300.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-04 16:40:23 3186688 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-04 16:38:01 0 d-------- C:\Program Files\PrintMaster Platinum 18
2008-06-01 20:21:44 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Ludia
2008-06-01 20:21:44 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-06-01 12:04:33 0 d-------- C:\Program Files\PopCap Games
2008-05-27 20:07:11 0 d------c- C:\fsaua.data
2008-05-26 21:35:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-26 21:35:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 20:02:40 0 d------c- C:\games from kelly
2008-05-26 16:43:06 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 15:31:25 0 d-------- C:\Program Files\Sun
2008-05-26 15:03:04 0 d-------- C:\Program Files\Java
2008-05-26 14:32:11 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Talkback
2008-05-26 14:31:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-26 14:31:47 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Mozilla
2008-05-26 12:23:59 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Malwarebytes
2008-05-26 12:23:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-26 12:23:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 23:16:04 0 d------c- C:\2b11c9ee484a6149e82174ae


-- Find3M Report ---------------------------------------------------------------

2008-06-08 18:28:27 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-06 12:43:15 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\WeatherBug
2008-06-05 14:12:34 0 d-------- C:\Program Files\Cosmi
2008-06-04 23:01:27 0 d-------- C:\Program Files\Oberon Media
2008-06-04 17:30:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 17:27:12 0 d-------- C:\Program Files\Common Files
2008-06-04 17:26:27 0 d-------- C:\Program Files\ArcSoft
2008-06-04 16:40:33 0 d-------- C:\Program Files\Web Publish
2008-06-04 16:38:17 0 d-------- C:\Program Files\Common Files\Broderbund
2008-06-01 20:28:05 0 d-------- C:\Program Files\Disney Interactive
2008-06-01 20:21:22 70 --a------ C:\WINDOWS\popcinfot.dat
2008-05-26 17:16:40 0 d-------- C:\Program Files\BFG
2008-05-05 18:25:25 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Google
2008-05-05 15:09:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-05 15:09:18 0 d-------- C:\Program Files\Common Files\Real
2008-05-01 16:09:07 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\Pogo Games
2008-04-30 09:25:57 0 d-------- C:\Program Files\QuickTime
2008-04-21 16:46:10 0 d-------- C:\Program Files\Game Rival
2008-04-19 19:05:42 0 d-------- C:\Program Files\GameHouse
2008-04-19 18:03:23 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\My Games
2008-04-19 10:08:30 0 d-------- C:\Documents and Settings\Pearl KasaKaitas\Application Data\GameHouse
2008-04-06 12:12:16 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [11/10/2003 04:06 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [09/13/2004 12:51 PM]
"CTHelper"="CTHELPER.EXE" [06/19/2003 11:55 PM C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/04/2004 03:56 AM C:\WINDOWS\system32\regsvr32.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [07/11/2002 08:06 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [12/09/2004 04:51 AM]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [07/17/2007 01:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/28/2006 01:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [04/07/2006 03:02 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [05/06/2004 03:14 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [06/16/2006 02:38 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 18\Remind.exe [9/9/2007 3:36:02 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp instant support.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk
backup=C:\WINDOWS\pss\hp instant support.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinScheduler.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pearl KasaKaitas^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=C:\Documents and Settings\Pearl KasaKaitas\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc




-- End of Deckard's System Scanner: finished at 2008-06-15 18:56:57 ------------

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:55 PM

Posted 15 June 2008 - 06:44 PM

Hi serenity,

Looks good. :thumbsup: We still have to do some clean up. How is the computer running?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 serenity_Ash


Posted 15 June 2008 - 06:50 PM

it seems to be running a little bit faster - am re-running avast now - *crosses fingers

the other question i have is if i have prevx on - do i need the Malwarebytes antimalware program?

#11 serenity_Ash


Posted 15 June 2008 - 08:30 PM

ran avast - it says i have no viruses or trojans but it does say i have malicious adware - win32.trojanare and win.32.adware

or something like that - not sure what those mean but bet you do -


thank you so much again :thumbsup:

now for cleanup :)

Edited by serenity_Ash, 15 June 2008 - 08:31 PM.


#12 SifuMike


Posted 15 June 2008 - 08:57 PM

Hi

"ran avast - it says i have no viruses or trojans but it does say i have malicious adware - win32.trojanare and win.32.adware"


Can you post the locations of the adware it found?




"the other question i have is if i have prevx on - do i need the Malwarebytes antimalware program?"


No. You can uninstall Malwarebytes if you want to.

#13 serenity_Ash


Posted 17 June 2008 - 05:54 PM

ok re ran avast and nothing showed up - no malware or virus :thumbsup:

#14 SifuMike


Posted 17 June 2008 - 06:47 PM

Hi serenity,

I think you're good to go. :thumbsup:

Good job on the cleanup!

Uninstall ComboFix: go to Start > Run & type in ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete any of its related folders and files (Qoobox VundoFix Backups, Avenger, Deckard, _OTMoveIt), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please read and follow "How did I get infected?, With steps so it does not happen again!" as well as "How to prevent Malware" by miekiemoes.


If you want to improve speed/system performance after malware removal, take a look here.

#15 serenity_Ash


Posted 17 June 2008 - 09:36 PM

ty so much and my mother-in-law is thankful too :thumbsup:

i definitely will be making a donation when i get paid on the first



your help was very valuable and I am very thankful

serenity



