Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Running Slow


  • Please log in to reply
15 replies to this topic

#1 helpmee

helpmee

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 08 April 2007 - 12:47 PM

Hi,

I'm not sure if i have any viruses, because norton av hasn't picked up anything but my computer has been running slower and slower each time i turn it on.

Here's my hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 1:39:23 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Comp USA\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\RunServices: [Microsoft Service] c:\hidden\leetbot.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

BC AdBot (Login to Remove)

 


#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:10:54 AM

Posted 11 April 2007 - 12:08 PM

Hello helpmee

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log link

And I'll be happy to look at it for you.

I also need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
Thanks, for your patience.

Stelios

#3 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 12 April 2007 - 05:46 AM

hi,

heres the new highjackthis log and the other one you asked for.


Logfile of HijackThis v1.99.1
Scan saved at 6:42:05 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Comp USA\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\RunServices: [Microsoft Service] c:\hidden\leetbot.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


here's the uninstall list.


Adobe Acrobat 4.0
American Greetings CreataCard Select 6
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AppCore
AudibleManager
AV
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe 1.0
ccCommon
CPQ165KB Driver
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano Plus
DeductionPro 2004-05
DeductionPro 2005-06
Emperor: Rise of the Middle Kingdom
Empire Earth
Empire Earth - The Art of Conquest
GameSpy Arcade
HijackThis 1.99.1
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Imation Disk Manager II Service
InstantCD/DVD
InstantMusic Samples
InterVideo Installer
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
LG USB Drivers
LimeWire 4.12.11
LiveUpdate 3.1 (Symantec Corporation)
Locomotion
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office Standard Edition 2003
Microsoft Web Publishing Wizard 1.52
MSN Music Assistant
MSRedist
Nero - Burning Rom
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OpenMG Limited Patch 4.0-04-11-28-01
OpenMG Secure Module 4.0.05
PowerDVD
ProSavageDDR and Utilities
Pure Networks Port Magic
QuickTime
Readiris 7.5
RealPlayer
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sierra Utilities
Silkroad
SonicStage 2.3.00
SPBBC 32bit
Spy Sweeper
Stronghold Crusader
SymNet
TalonSoft's West Front
TaxCut 2004
TaxCut Deluxe 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
V CAST Music
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Toolbar

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:10:54 AM

Posted 13 April 2007 - 12:18 PM

Hi helpmee


Before we continue we need to examine a file from your comp.

Please download this program:

submit files packer

Highlight the files listed below in bold and right-click and selecting copy.

c:\hidden\leetbot.exe

Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to helpmee.cab

Then go to:

http://www.bleepingcomputer.com/submit-malware.php?channel=3

And fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.


Stelios

#5 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 13 April 2007 - 02:00 PM

hi Stelios,


I have submitted the file that you asked me to.

#6 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:10:54 AM

Posted 15 April 2007 - 11:15 PM

Hi helpmee

I see you have Viewpoint installed

Viewpoint Media Player collects information about the user.
From the vendor's privacy policy:
To provide a satisfying consumer experience and to operate effectively,
the Viewpoint Media Player periodically sends information to servers at Viewpoint.
Detected as spyware with some detection programs.
See here:
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/arch...4.php#viewpoint

Go to Start > Control Panel double-click on Add/Remove programs and remove

Viewpoint Media Player

=====
I suggest you disable Spysweeper because it can interfere with the changes you'll make on your system.


1. Open Spysweeper and click on Options > Program Options and uncheck "load at windows startup".
2. On the left click "shields" and then uncheck everything there.
3. Uncheck "home page shield".
4. Uncheck "automatically restore default without notification".
5. Exit the program.

=====

Please print out or copy this instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
=====

Please Run HijackThis again, click scan, and Put a checkmark next to each of the lines listed below, if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O4 - HKLM\..\RunServices: [Microsoft Service] c:\hidden\leetbot.exe


Then close all other windows--you should only see Hijack This on your Desktop--and click the Fix Checked button, and EXIT Hijack This.
=====

Make sure that you can see hidden files.
  • ClickStart.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
=====

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here <--link to tutorial
=====

Now, using Windows Explorer, (right click on start, click on explore) I need you to DELETE the following folder and all their content if still present :

c:\hidden < --folder

Please reboot and post a new HijackThis log.



Stelios

#7 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 16 April 2007 - 07:38 AM

hi stelios,

i uninstalled view point media player as you suggested, i saw an earlier post but i guess you deleted it?

Well heres the highjackthis log.



Logfile of HijackThis v1.99.1
Scan saved at 8:34:53 AM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Comp USA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#8 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:10:54 AM

Posted 16 April 2007 - 12:43 PM

Hi helpme

Good job! :thumbsup:
Looks like the infected file you had its gone, but let’s make sure.
=====

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586 to install the newest version.
=====

Download LSPFix.exe <--Link to a convenient location, like your desktop and run it. Check the box that says 'I know what I'm doing'. Click on connwsp.dll on the left window and then click on the arrow pointing to the right. Click Finish and follow the prompts.
=====

Please download ATF Cleaner by Atribune. Don’t run it yet.
=====

We need to run Avg and update the definition files.
Please run AVG
  • On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Don’t run it yet Close Avg anti-spyware .
    =====

    Please Run HijackThis again, click scan, and Put a checkmark next to each of the lines listed below, if still present:


    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS


    Then close all other windows--you should only see Hijack This on your Desktop--and click the Fix Checked button, and EXIT Hijack This.
    =====

    Please reboot your computer in SafeMode by doing the following:
    • Restart your computer.
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear.
    • Select the first option, to run Windows in Safe Mode.
    • If you have trouble getting into Safe mode go here <--link to tutorial
    =====

    Still in safe mode run: ATF
    Double-click Posted Image to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browserClick Firefox at
    the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please
    click No at the prompt.
    If you use Opera browserClick Opera at the
    top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please
    click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located
    at the bottom of each menu.]

    =====
  • Lauch Avg-anti-spyware by double-clicking the icon Posted Image on your desktop.IMPORTANT: Do not open any other windows or programs while Avg is scanning, it may interfere with the scanning proccess.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • Avg will now begin the scanning process, be patient this may take a little time.
  • Avg will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Avg will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Avg.
IMPORTANT: Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button
=====

Reboot back to normal mode.

Please go HERE to run Panda's Posted Image ActiveScan
  • Once you are on the Panda site click the Posted Image button
  • A new window will open.
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Posted Image
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Posted Image to start the scan
  • When the scan completes, if anything malicious is detected, click the Posted Image button, Posted Image and save it to a convenient location. Post the contents of the ActiveScan report


Please post back:

1) The Avg report
2) the Panda report.
3) New HijackThis log.

Let us know how is your computer working now?

Stelios

#9 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 17 April 2007 - 03:02 PM

hi stelios,

i have done all you have asked and here are the log files, the computer is still really slow and doesn't seemed to change much if at all, but thanks for your help.


Logfile of HijackThis v1.99.1
Scan saved at 3:58:25 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Comp USA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe





---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:17:38 PM 4/15/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).


::Report end





Incident Status Location

Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Comp USA\Cookies\comp usa@2o7[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Comp USA\Cookies\comp usa@atwola[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Comp USA\Cookies\comp usa@questionmarket[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Comp USA\Cookies\comp usa@tribalfusion[1].txt
Virus:Trj/Sleeper.D Disinfected C:\Documents and Settings\Comp USA\Local Settings\Temp\VFN0QTa04060
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Comp USA\My Documents\SmileyCentralSetup2.0.3.20.exe
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx

#10 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:10:54 AM

Posted 17 April 2007 - 04:49 PM

Hi helpmee


Please print out or copy this instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode).
=====
Please reboot your computer in SafeMode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here <--link to tutorial
=====
Now, using Windows Explorer, (right click on start, click on explore) I need you to DELETE the following files if still present :

C:\Documents and Settings\Comp USA\My Documents\SmileyCentralSetup2.0.3.20.exe < --file

C:\WINDOWS\system32\actskn45.ocx < --file
=====
Reboot back to normal mode.

Download and save to your desktop. https://europe.f-secure.com/exclude/blacklight/blbeta.exe
  • Double-click blbeta.exe then accept the agreement.
  • Click on scan then click next.
  • You'll see a list of all items found.
  • Do not choose for rename yet! I want to see the log first; legitimate items can also be present.
  • There is a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.



Stelios

#11 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 19 April 2007 - 05:19 AM

hi stelios,

The scan came up clean, the computer seems to be running a little bit faster :thumbsup: . Heres the log from the scan


04/18/07 22:30:29 [Info]: BlackLight Engine 1.0.61 initialized
04/18/07 22:30:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/18/07 22:30:29 [Note]: 7019 4
04/18/07 22:30:29 [Note]: 7005 0
04/18/07 22:30:32 [Note]: 7006 0
04/18/07 22:30:32 [Note]: 7011 1312
04/18/07 22:30:32 [Note]: 7026 0
04/18/07 22:30:33 [Note]: 7026 0
04/18/07 22:30:41 [Note]: FSRAW library version 1.7.1021
04/18/07 22:45:52 [Note]: 2000 1012

#12 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:10:54 AM

Posted 19 April 2007 - 02:11 PM

Hi helpmee

Yes the scan is clean! :thumbsup:

Let’s have one last online scan from a different scanner.

Please do an online scan with Kaspersky WebScanner

Click on Posted Image

You will be promted to install an ActiveX component from Kaspersky, Click Posted Image
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Posted Image
  • Now click on Posted Image
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click Posted Image
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
And a new HijackThis log


Stelios

#13 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 23 April 2007 - 05:09 AM

hi Stelios,

Here is the scan report and the new hijackthis. it might take two posts

Edited by helpmee, 23 April 2007 - 05:19 AM.


#14 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 23 April 2007 - 05:13 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 23, 2007 5:59:33 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/04/2007
Kaspersky Anti-Virus database records: 283060
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 175202
Number of viruses found: 9
Number of infected objects: 15 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:10:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d5999ac1950e1bbbf4d92caef1e21b65_0c758858-40c4-4097-9858-a11eaa45f93d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\DSS\MachineKeys\58fc397ff17210ba46ae729b4bf362bd_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\17306aaa275708a18a078f6e95f1c2d9_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1aae042d90945794d01fcefc86bac4d4_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e5460cce6c9638de805deb61800c049_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b3c1ccf6939d23c95b306ccd1bec5b8_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\65f366d81bf54f78fe0422a0eef81867_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\89fa97eb02a130fa13a8c6b1ed6454e3_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d870cdd6238ae2f468a06f9c6e43c057_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2a292c35cba2b71a69e1f7a7f969f69_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8338f07d9f1de13bfd1d2d6b967a1ff_9f7c8b20-cdad-4395-a235-3f94c9663ba3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\LiveUpdate\2007-04-22_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\015E3BA5.htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\235C4371.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\245B0E58.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\277468EF.exe Infected: P2P-Worm.Win32.Krepper.c skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\288A59BE.exe Infected: P2P-Worm.Win32.Krepper.c skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\39115876.tmp Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\44DE4B17 Infected: Backdoor.Win32.MoSucker.dd skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\5B861229.exe Infected: Trojan-Spy.Win32.Perfloger.o skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6E6950BC.exe Infected: Trojan-Spy.Win32.Perfloger.o skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\743B5529.exe Infected: Trojan-Spy.Win32.SCKeyLog.au skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\772C0BDE.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\78996A4C.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\78AA3C3A.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7E4F51E1.exe Infected: Trojan-Downloader.Win32.IstBar.om skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\7E5C79D3.exe Infected: Trojan-Downloader.Win32.IstBar.om skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\BBB61C63.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\Comp USA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Comp USA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Comp USA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Comp USA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Comp USA\Local Settings\History\History.IE5\MSHist012007042220070423\index.dat Object is locked skipped
C:\Documents and Settings\Comp USA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Comp USA\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Comp USA\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Comp USA\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Noel\NTUser.dat Object is locked skipped
C:\Documents and Settings\Noel\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7DEF65F2-355C-4CA7-8ADA-F675E1D7A6FD}\RP443\change.log Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013542.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013543.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013544.sys Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013545.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013546.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013547.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013548.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013549.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013550.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013551.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013552.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013553.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013554.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013555.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013556.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013557.sys Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013558.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013559.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013560.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013561.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP35\A0013562.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013575.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013576.ocx Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013577.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013578.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013579.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013580.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013581.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013582.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013583.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013584.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013585.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013586.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013587.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013588.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013589.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013590.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013591.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013592.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013593.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013594.ocx Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013595.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013596.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013597.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013598.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013599.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013600.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013601.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013602.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP36\A0013603.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013612.sys Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013613.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013614.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013615.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013616.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013617.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013618.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013619.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013620.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013621.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013622.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013623.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013624.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013625.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013626.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013627.sys Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013628.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013629.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013630.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013631.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP37\A0013632.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013638.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013639.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013640.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013641.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013642.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013643.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013644.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013645.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013646.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013647.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013648.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013649.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013650.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013651.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013652.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013653.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013654.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013655.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013656.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013657.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP38\A0013658.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013666.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013667.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013668.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013669.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013670.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013671.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013672.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013673.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013674.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013675.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013676.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013677.sys Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013678.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013679.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013680.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013681.sys Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013682.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013683.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013684.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013685.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP39\A0013686.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013692.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013693.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013694.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013695.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013696.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013697.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013698.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013699.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP40\A0013700.cnv Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013705.TTF Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013706.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013707.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013708.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013709.CAT Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013710.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013711.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013712.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013713.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013714.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013715.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP41\A0013716.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013761.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013762.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013763.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013764.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013765.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013766.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013767.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013768.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013769.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013770.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013771.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013772.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013773.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013774.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013775.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013776.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013777.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013778.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013779.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013780.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013781.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013782.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013783.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013784.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013785.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013786.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013787.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013788.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013789.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013790.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013791.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013792.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013793.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013794.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013795.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013796.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013797.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013798.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013799.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013800.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013801.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013802.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013803.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013804.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013805.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013806.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013807.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013808.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013809.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013810.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013811.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013812.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013813.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013814.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013815.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013816.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013817.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013818.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP42\A0013819.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013849.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013850.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013851.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013852.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013853.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013854.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013855.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013856.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013857.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013858.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013859.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013860.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013861.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013862.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013863.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013864.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013865.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013866.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013867.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013868.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013869.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013870.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013871.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013872.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013873.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013874.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013875.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013876.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013877.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013878.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013879.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013880.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013881.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013882.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013883.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013884.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013885.tsp Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013886.TSP Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013887.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013888.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013889.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013890.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013891.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013892.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013893.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013894.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013895.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013896.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013897.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013898.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013899.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013900.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP43\A0013901.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013938.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013939.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013940.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013941.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013942.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013943.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013944.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013945.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013946.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013947.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013948.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013949.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013950.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013951.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013952.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013953.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013954.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013955.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013956.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP45\A0013957.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014003.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014004.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014005.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014006.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014007.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014008.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014009.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014010.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014011.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014012.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014013.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014014.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014015.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014016.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014017.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014018.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014019.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014020.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014021.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014022.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014023.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014024.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014025.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014026.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014027.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014028.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014029.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014030.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP49\A0014031.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014040.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014041.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014042.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014043.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014044.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014045.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014046.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014047.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014048.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014049.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014050.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014051.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014052.ver Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014053.inf Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014054.cat Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014055.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014056.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014057.exe Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014058.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014059.dll Object is locked skipped
C:\System Volume Information\_restore{A3D2CB98-430C-4295-A2B5-797A3BBAB2D8}\RP50\A0014060.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped

Edited by helpmee, 23 April 2007 - 05:18 AM.


#15 helpmee

helpmee
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 23 April 2007 - 05:18 AM

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.





Logfile of HijackThis v1.99.1
Scan saved at 6:03:59 AM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Comp USA\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users