Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antispywareupdates.net Help Please [RESOLVED]


  • This topic is locked This topic is locked

#1
amit123

amit123

    New Member

  • Member
  • Pip
  • 8 posts
I ahve been having this problem since yesterday where I keep getting windows security popups that my computer is infected with spyware. I keep on being prodded to buy Spy Away and Perfect Cleaner.

1. I keep getting pop-ups from antispywareupdates.net

2. My task manager is greyed-out and won't let me do anything. Whenever I try elsewhere, it tells me I'm not the administrator but I am signed as an administrator.

3. I'm also getting pop-ups from Windows Security Center(which is a fake and another virus)

4. I've tried Norton Antivirus which was installed on this PC but it hasn't done a thing to it.

I cannot restore to earlier timeperiods. Also when I try to flush earlier restores, I do not get such an option in my Disk Cleanup utility.

Please help me. I am posting my Hijack me log as well as uninstall list



My Hijackme log is as below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:39 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTVR3\Schedule.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gizmo Project\Gizmo.exe
C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\TRENDnet.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Schedule] "C:\Program Files\WinTVR3\Schedule.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O5 "LPT1:" /M "Stylus CX4200"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\amitabh\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\amitabh\Application Data\Microsoft\Windows\bkhbmeq.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11351 bytes

My uninstall list is as below

µTorrent
Adobe Reader 8.1.2
AnyDVD
AppCore
AV
Bat
ccCommon
CloneDVD
COMPASS CRE
COMPASS CRE
Crystal Reports 10 .NET runtime
Disk Manager
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EPSON Printer Software
EPSON Scan
EPSON Web-To-Page
GalleryPlayer Images
Gizmo Project 3.1
Google Desktop
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Internet Worm Protection
iTunes
K-Lite Codec Pack 2.70 Full
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
MSXML 4.0 SP2 (KB936181)
Nero 7 Ultra Edition
neroxml
NETGEAR WG311v2 802.11g Wireless PCI Adapter
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
NVIDIA Drivers
Picasa 2
QuickTime
Realtek AC'97 Audio
ResChanger 2005
S801TFN
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SPBBC 32bit
Symantec
TRENDnet TEW-421PC or TEW-423PI
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Tools 4.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinTVR3
ZC Video Converter 1.2.1
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello amit123

Welcome to G2Go. :)
=====================
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
amit123

amit123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks Kahdah:

Combofix file is as below. Hijackthis update is below that

ComboFix 08-03-14.4 - amitabh 2008-03-16 10:46:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.575 [GMT -4:00]
Running from: C:\Documents and Settings\amitabh\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\3.tmp
C:\4.tmp
C:\6.tmp
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\amitabh\Application Data\WinTouch
C:\Documents and Settings\amitabh\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\amitabh\My Documents\YSTEM3~1
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\000090.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\sks~1\??sks\
C:\WINDOWS\system32\wcpiit.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\wr.txt

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 10:13 . 2008-03-16 10:13 <DIR> d-------- C:\New Folder
2008-03-16 10:10 . 2008-03-16 10:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-16 09:33 . 2008-03-16 09:33 <DIR> d-------- C:\_OTMoveIt
2008-03-16 09:25 . 2008-03-16 09:25 <DIR> d-------- C:\KAV
2008-03-16 09:15 . 2008-03-16 09:15 <DIR> d-------- C:\Program Files\180search assistant
2008-03-16 09:14 . 2008-03-16 09:14 <DIR> d-------- C:\Program Files\180solutions
2008-03-16 09:14 . 2008-03-16 09:15 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-16 09:14 . 2008-03-16 09:14 32,512 --a------ C:\WINDOWS\didduid.ini
2008-03-15 20:54 . 2008-03-16 07:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-15 20:54 . 2008-03-15 20:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-15 20:49 . 2008-03-15 20:49 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-03-15 20:46 . 2008-03-15 20:46 <DIR> d-------- C:\Program Files\zango
2008-03-15 20:46 . 2008-03-15 20:46 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-15 20:46 . 2008-03-15 20:46 <DIR> d-------- C:\Program Files\stc
2008-03-15 20:44 . 2008-03-15 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-15 20:37 . 2008-03-15 20:39 <DIR> d-------- C:\Program Files\Bat
2008-03-15 20:37 . 2008-03-15 20:37 90,544 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-15 20:37 . 2008-03-15 20:37 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-13 07:54 . 2008-03-13 07:54 <DIR> d-------- C:\Documents and Settings\amitabh\Application Data\Property & Portfolio Research
2008-03-07 17:40 . 2008-03-07 17:40 <DIR> d-------- C:\Program Files\Property & Portfolio Research
2008-03-07 17:39 . 2008-03-07 17:39 <DIR> d-------- C:\Program Files\MapInfo MapX
2008-03-07 17:39 . 2008-03-07 17:39 <DIR> d-------- C:\Program Files\Crystal Decisions
2008-03-07 17:39 . 2008-03-07 17:39 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-03-07 17:37 . 2008-03-07 17:38 <DIR> d-------- C:\WINDOWS\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 14:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 11:42 --------- d-----w C:\Documents and Settings\amitabh\Application Data\uTorrent
2008-03-16 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 00:51 --------- d-----w C:\Program Files\Google
2008-02-02 21:53 --------- d-----w C:\Documents and Settings\amitabh\Application Data\Media Player Classic
2008-02-02 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 18:23 --------- d-----w C:\Program Files\SlySoft
2008-01-26 18:22 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-26 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-20 18:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-20 18:22 --------- d-----w C:\Program Files\DivX
2008-01-20 18:20 --------- d-----w C:\Program Files\ZC Video Converter
2007-12-17 08:11 120 ----a-w C:\drmHeader.bin
2006-02-23 18:52 280,576 ----a-w C:\WINDOWS\inf\TEW-421PC\MRV8335XP.sys
2006-02-23 18:52 280,576 ----a-w C:\WINDOWS\inf\TEW-421PC\MRV8335.sys
2006-02-23 18:52 212,992 ----a-w C:\WINDOWS\inf\TEW-421PC\CopyWHQLDriver.exe
2004-07-02 17:19 40,960 ----a-w C:\WINDOWS\inf\WG311v2\imdinst.exe
2004-06-18 04:41 386,688 ----a-w C:\WINDOWS\inf\WG311v2\netwg311_XP.sys
2004-04-04 18:07 84,912 ----a-w C:\WINDOWS\inf\WG311v2\FwRad17.bin
2004-04-04 18:07 83,320 ----a-w C:\WINDOWS\inf\WG311v2\FwRad16.bin
2004-02-04 17:53 62,865 ----a-w C:\WINDOWS\inf\WG311v2\odysseyIM3.sys
2004-02-04 17:53 12,739 ----a-w C:\WINDOWS\inf\WG311v2\odNetInstall.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
2008-03-07 21:15 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 20:30 885248]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-08 11:00 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Schedule"="C:\Program Files\WinTVR3\Schedule.exe" [2005-12-30 10:32 94208]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 08:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 07:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 07:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 07:06 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-01 12:45 155648]
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-08 05:00 98304]
"EPSON Stylus CX4200 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-08 05:00 98304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 20:49 29744]
"NWEReboot"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"Gizmo Project"="C:\Program Files\Gizmo Project\Gizmo.exe" [2007-06-15 18:00 3850240]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 02:33 45056]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 15:23 45056]
"AnyDVD"="C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe" [2003-09-29 23:17 175616]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-07-16 09:19:08 124912]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 13:32:18 450560]
Wireless Configuration Utility HW.51.lnk - C:\WINDOWS\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe [2007-09-01 11:04:48 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 16:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]
--a------ 2005-09-27 15:56 241664 C:\Program Files\WinTVR3\Remote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-08 11:00 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"=
"C:\\Program Files\\Gizmo Project\\Gizmo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2006-03-29 22:39]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 20:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64633bd8-bf49-11da-8e2c-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f09b8bf-8825-11dc-8a95-0016ec20b957}]
\Shell\AutoRun\command - "K:\Install FreeAgent Tools.exe" /run

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 07:06:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - amitabh.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 10:48:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-16 10:49:09
ComboFix-quarantined-files.txt 2008-03-16 14:49:01
.
2008-03-15 07:01:11 --- E O F ---

Hijackthis update is as below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:21 AM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTVR3\Schedule.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gizmo Project\Gizmo.exe
C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\TRENDnet.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bat\X_Bat.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Schedule] "C:\Program Files\WinTVR3\Schedule.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O5 "LPT1:" /M "Stylus CX4200"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10958 bytes
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - S-1-5-18 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe



Now click on Fix Checked and then close Hijackthis.
====================================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin
Folder::
C:\Program Files\180search assistant
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\zango
C:\Program Files\Sysmnt
C:\Program Files\stc
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\Bat
Dirlook::
C:\WINDOWS\system32\runtime
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#5
amit123

amit123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Wow Kahdah. U are superb. I think problem is resolved.

Nevertheless here are the logs for hijackthis and combofix.

Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:29 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTVR3\Schedule.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gizmo Project\Gizmo.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\TRENDnet.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Schedule] "C:\Program Files\WinTVR3\Schedule.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O5 "LPT1:" /M "Stylus CX4200"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9530 bytes

Combofix

ComboFix 08-03-14.4 - 2008-03-16 12:15:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
Running from: C:\Documents and Settings\amitabh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\amitabh\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\Bat
C:\Program Files\Bat\Bat.dll.intermediate.manifest
C:\Program Files\Bat\Bat.exe
C:\Program Files\Bat\Bat.info
C:\Program Files\Bat\Bat.original
C:\Program Files\Bat\Info.dll
C:\Program Files\Bat\un_BatSetup_15041.exe
C:\Program Files\Bat\un_BatSetup_15041.txt
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Bat\X_Bat.log
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 10:13 . 2008-03-16 10:13 <DIR> d-------- C:\New Folder
2008-03-16 10:10 . 2008-03-16 10:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-16 09:33 . 2008-03-16 09:33 <DIR> d-------- C:\_OTMoveIt
2008-03-16 09:25 . 2008-03-16 09:25 <DIR> d-------- C:\KAV
2008-03-15 20:54 . 2008-03-16 07:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-15 20:54 . 2008-03-15 20:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-15 20:49 . 2008-03-15 20:49 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-03-13 07:54 . 2008-03-13 07:54 <DIR> d-------- C:\Documents and Settings\amitabh\Application Data\Property & Portfolio Research
2008-03-07 17:40 . 2008-03-07 17:40 <DIR> d-------- C:\Program Files\Property & Portfolio Research
2008-03-07 17:39 . 2008-03-07 17:39 <DIR> d-------- C:\Program Files\MapInfo MapX
2008-03-07 17:39 . 2008-03-07 17:39 <DIR> d-------- C:\Program Files\Crystal Decisions
2008-03-07 17:39 . 2008-03-07 17:39 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-03-07 17:37 . 2008-03-07 17:38 <DIR> d-------- C:\WINDOWS\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:14 --------- d-----w C:\Documents and Settings\amitabh\Application Data\uTorrent
2008-03-16 14:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 00:51 --------- d-----w C:\Program Files\Google
2008-02-02 21:53 --------- d-----w C:\Documents and Settings\amitabh\Application Data\Media Player Classic
2008-02-02 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 18:23 --------- d-----w C:\Program Files\SlySoft
2008-01-26 18:22 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-26 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-20 18:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-20 18:22 --------- d-----w C:\Program Files\DivX
2008-01-20 18:20 --------- d-----w C:\Program Files\ZC Video Converter
2007-12-17 08:11 120 ----a-w C:\drmHeader.bin
2006-02-23 18:52 280,576 ----a-w C:\WINDOWS\inf\TEW-421PC\MRV8335XP.sys
2006-02-23 18:52 280,576 ----a-w C:\WINDOWS\inf\TEW-421PC\MRV8335.sys
2006-02-23 18:52 212,992 ----a-w C:\WINDOWS\inf\TEW-421PC\CopyWHQLDriver.exe
2004-07-02 17:19 40,960 ----a-w C:\WINDOWS\inf\WG311v2\imdinst.exe
2004-06-18 04:41 386,688 ----a-w C:\WINDOWS\inf\WG311v2\netwg311_XP.sys
2004-04-04 18:07 84,912 ----a-w C:\WINDOWS\inf\WG311v2\FwRad17.bin
2004-04-04 18:07 83,320 ----a-w C:\WINDOWS\inf\WG311v2\FwRad16.bin
2004-02-04 17:53 62,865 ----a-w C:\WINDOWS\inf\WG311v2\odysseyIM3.sys
2004-02-04 17:53 12,739 ----a-w C:\WINDOWS\inf\WG311v2\odNetInstall.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\runtime ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 20:30 885248]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-08 11:00 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Schedule"="C:\Program Files\WinTVR3\Schedule.exe" [2005-12-30 10:32 94208]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 08:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 07:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 07:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 07:06 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-01 12:45 155648]
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-08 05:00 98304]
"EPSON Stylus CX4200 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-08 05:00 98304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 20:49 29744]
"NWEReboot"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"Gizmo Project"="C:\Program Files\Gizmo Project\Gizmo.exe" [2007-06-15 18:00 3850240]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 02:33 45056]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 15:23 45056]
"AnyDVD"="C:\Documents and Settings\amitabh\My Documents\clonedvd and anydvd\Clone DVD + AnyDVD + Crack & Serial\AnyDVD\AnyDVD Crack\AnyDVD.exe" [2003-09-29 23:17 175616]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-07-16 09:19:08 124912]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 13:32:18 450560]
Wireless Configuration Utility HW.51.lnk - C:\WINDOWS\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe [2007-09-01 11:04:48 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 16:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote]
--a------ 2005-09-27 15:56 241664 C:\Program Files\WinTVR3\Remote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-08 11:00 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"=
"C:\\Program Files\\Gizmo Project\\Gizmo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2006-03-29 22:39]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 20:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64633bd8-bf49-11da-8e2c-806d6172696f}]
\Shell\AutoRun\command - F:\Setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f09b8bf-8825-11dc-8a95-0016ec20b957}]
\Shell\AutoRun\command - "K:\Install FreeAgent Tools.exe" /run

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 07:06:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - amitabh.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 12:17:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-16 12:18:00
ComboFix-quarantined-files.txt 2008-03-16 16:17:52
ComboFix2.txt 2008-03-16 14:49:10
.
2008-03-15 07:01:11 --- E O F ---
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Not quite yet :)

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#7
amit123

amit123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
There u go. This is the log of Malwarebytes. Again thanks a ton for your handholding me.Malwarebytes' Anti-Malware 1.08
Database version: 497

Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Objects scanned: 153203
Time elapsed: 1 hour(s), 0 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive.band (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive.band.1 (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive.bho (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bnddrive.bho.1 (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dcd2f298-bfa3-410f-8c21-b422af11f363} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{1f5e0ea2-abea-44c3-95ec-2d1e721fe95e} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\kkom\kkomd\class-barrel (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\kkom\kkomd\vocabulary (Malware.Trace) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\6.tmp.vir (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Bat\un_BatSetup_15041.exe.vir (Adware.Rabio) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP251\A0019971.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP251\A0019974.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP252\A0020199.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP252\A0020200.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP252\A0020203.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP252\A0020204.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP256\A0020263.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP257\A0020330.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=================================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
amit123

amit123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Well the report is huge. But as u asked here it is.

Also I do have kaspersky Internet Security CD with. Just never used it as I thought Norton was doinga good job. Apparently it wasn't. if I load kaspersky , I will need to remove Norton. Do u suggest that I do that.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 16, 2008 8:59:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/03/2008
Kaspersky Anti-Virus database records: 634270
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 123745
Number of viruses found: 11
Number of infected objects: 36
Number of suspicious objects: 1
Duration of the scan process: 01:58:00

Infected Object Name / Virus Name / Last Action
C:\13.tmp/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\13.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\13.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\13.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\13.tmp NSIS: infected - 4 skipped
C:\36.tmp/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\36.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\36.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\36.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\36.tmp NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP26C7650B.htm Infected: Trojan-Downloader.JS.Agent.nw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP70B051D7.htm Infected: Trojan-Downloader.JS.Agent.nw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APE71F9A96.htm Infected: Trojan-Downloader.JS.Agent.nw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\2CAE487F.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7E5E0F29.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\amitabh\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Google\Google Desktop\aca194c31dfa\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Temp\Perflib_Perfdata_cbc.dat Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Temp\~DF7BC9.tmp Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\amitabh\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\amitabh\My Documents\Downloads\Caillou\Caillou 2x13 - Lost and Found.avi.!ut Object is locked skipped
C:\Documents and Settings\amitabh\My Documents\Downloads\Caillou\Caillou 3x06 - The World Around Me.avi.!ut Object is locked skipped
C:\Documents and Settings\amitabh\My Documents\Downloads\Caillou\Caillou 3x07 - Machines Brmmmm.avi.!ut Object is locked skipped
C:\Documents and Settings\amitabh\My Documents\Downloads\Caillou\Caillou 4x04 - Caillou the Musician.avi.!ut Object is locked skipped
C:\Documents and Settings\amitabh\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\amitabh\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\3.tmp.vir/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\QooBox\Quarantine\C\3.tmp.vir/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\QooBox\Quarantine\C\3.tmp.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\QooBox\Quarantine\C\3.tmp.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mgmrwmrv.exe.vir Infected: not-virus:Hoax.Win32.Renos.bee skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP257\A0020352.exe Infected: not-virus:Hoax.Win32.Renos.bee skipped
C:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP257\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/24 Mar 2005 23:16 from [email protected]:Hi! :-)/Msg.zip/ifxej.exe Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/24 Mar 2005 23:16 from [email protected]:Hi! :-)/Msg.zip Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/21 Dec 2004 15:06 from Smith Barney:Customer Notice - Instructio.html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/24 Feb 2005 17:01 from Regions & Union Planters:Regions Bank 0nl.html Infected: Trojan-Spy.HTML.Bankfraud.dq skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/24 Mar 2005 23:22 from Mail Delivery Subsystem:Returned mail: se/24 Mar 2005 23:16 to [email protected]:Hey, dude, it's me ^_/TextDocument.zip/ifxej.exe Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/24 Mar 2005 23:22 from Mail Delivery Subsystem:Returned mail: se/24 Mar 2005 23:16 to [email protected]:Hey, dude, it's me ^_/TextDocument.zip Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/26 Oct 2005 09:37 from [email protected]:Does it matter?/details.zip/document.txt .exe Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/26 Oct 2005 09:37 from [email protected]:Does it matter?/details.zip Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/27 Oct 2005 06:22 from [email protected]:News/report01.zip/details.txt .pif Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/27 Oct 2005 06:22 from [email protected]:News/report01.zip Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/27 Oct 2005 07:49 from [email protected]:Mail Delivery (fa.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/27 Oct 2005 07:49 from [email protected]:Mail Delivery (fa/message.scr Infected: Virus.Win32.Parite.b skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/08 Jan 2006 15:42 from [email protected]:Delivery Status No/08 Jan 2006 15:32 from [email protected]:Good day/readme.pif Infected: Net-Worm.Win32.Mytob.fi skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/08 Jan 2006 16:35 from [email protected]:Delivery Status No/08 Jan 2006 16:32 from [email protected]:hello/data.zip/data.cmd Infected: Net-Worm.Win32.Mytob.u skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/08 Jan 2006 16:35 from [email protected]:Delivery Status No/08 Jan 2006 16:32 from [email protected]:hello/data.zip Infected: Net-Worm.Win32.Mytob.u skipped
D:\Documents and Settings\Amitabh\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 14, suspicious - 1 skipped
D:\outlook.pst/Personal Folders/Inbox/21 Dec 2004 15:06 from Smith Barney:Customer Notice - Instructio.html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
D:\outlook.pst Mail MS Mail: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{753CA1AF-E505-4E14-894C-30A76DEB78A5}\RP257\change.log Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\06lbh35v.zip Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\0kd3xn7d.zip Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\1394bus.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\3df5bbnr.dat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\3fhvvr33.dat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\3fhvvr33.zip Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\4hbjrnn7.zip Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\61883.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\9bhbv9rl.dat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\access.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\accessor.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\accwiz.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\acgenral.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\acgenral.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\aclayers.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\aclua.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\aclui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\acpi.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\activeds.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\actmovie.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\actshell.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\acverfyr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adcjavas.inc Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adcvbs.inc Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\admin.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\admin.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\admin.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\admin.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\admparse.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adojavas.inc Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adovbs.inc Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adsldp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\adsnt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\advapi32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\advpack.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\aec.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\afd.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentanm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentctl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentdpv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentsr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agtctl15.tlb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agtintl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\agtscrpt.js Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ahui.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\alg.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\amdk6.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\amdk7.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\amstream.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apphelp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apphelp.sdb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apphelp.sdb.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apph_sp.sdb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apph_sp.sdb.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apps.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apps.chm.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apps_sp.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\apps_sp.chm.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\appwiz.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\appwiz.cpl.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\arial.ttf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\arialbd.ttf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\arp1394.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\asctrls.ocx Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\asferror.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\asferror.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\asfsipc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\at.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atapi.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ati2dvaa.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ati2dvag.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ati2mtaa.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ati2mtag.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ati3d1ag.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ati3d2ag.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atiixpaa.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atiixpag.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinbtxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinmdxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinpdxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinraxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinrvxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinsnxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinttxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atintuxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinxbxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atinxsxx.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atiradn1.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ativdaxx.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ativmvxx.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atixpwdm.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atm.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atmadm.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atmfd.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atmlane.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\atmlib.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\au.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\author.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\author.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\author.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\author.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\authz.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\autochk.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\autoconv.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\autofmt.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\autolfn.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\avc.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\avifil32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\basesrv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\batmeter.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\batt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bda.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bda.inf.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bdaplgin.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bdasup.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bidispl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\biosinfo.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bitsprx2.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bitsprx3.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\blackbox.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\blank.txt Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\bridge.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\browselc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\browser.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\browseui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\browseui.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\browsewm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cabinet.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cabview.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\callcont.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\callcont.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\camocx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\catsrv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ccdecode.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cdfs.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cdfview.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cdm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cdosys.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cdrom.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\certcli.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\certmgr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cewmdm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cewmdm.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\chajei.ime Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cimwin32.mfl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cimwin32.mof Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cintime.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cintsetp.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ciodm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cisvc.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\classpnp.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cliconfg.rll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\clusapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmd.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmprops.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmstp.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cmutil.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cnbjmon.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\colbact.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comadmin.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comadmin.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comctl32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comexp.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comic.ttf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\compact.wmz Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\compatui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\compstui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comrepl.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comres.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\comuid.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\conf.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\conime.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\connected_data.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\connected_fr.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\connected_multiple.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\connected_networks.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\connected_wizard.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\corpol.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cpanel.chq Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cplexe.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cpu.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\credui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\crusoe.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\crypt32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\crypt32.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptext.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cryptui.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cscdll.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cscript.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\cscui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\csrss.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\custsat.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\d3d8.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\d3d8.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\d3d9.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\danim.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dao360.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dataclen.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dataspec.xml Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\datetime.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\davclnt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\daxctle.ocx Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dayi.ime Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dcache.bin Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dcap32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dciman32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ddraw.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ddraw.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\default.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\defltwk.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\defrag.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\desk.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\devenum.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\devmgr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\devxprop.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dgnet.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dhtmled.ocx Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dialer.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\diantz.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\digest.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dinput.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dinput8.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\directdb.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\disk.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\diskdump.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\diskpart.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dlimport.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dllhost.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmband.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmband.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmboot.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmdskmgr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmime.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmime.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmio.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmloader.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmloader.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmremote.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmscript.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmscript.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmserver.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmsynth.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmusic.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmusic.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmusic.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dmutil.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\docprop2.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dosx.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpcdll.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dplayx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpmodemx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnaddr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnet.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnet.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnlobby.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpup.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpvacm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpvvox.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drm.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmclien.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmclien.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmk.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmstor.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmstor.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmv2clt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drmv2clt.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drprov.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drvindex.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\drvmain.sdb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ds32gt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsdmo.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsdmoprp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dshowext.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dskquota.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dskquoui.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsound.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsound3d.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsprop.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsprpres.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsquery.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dssec.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dssenh.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dsuiext.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dswave.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dtsgnup.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dumprep.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\duser.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dwup.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dwwin.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dwwin.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dx7vb.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dx8vb.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxdiagn.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxg.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxmasf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxmrtp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\e4gdn7zv.zip Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\els.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\empty.txt Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\encapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\encapi.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\encdec.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\encdec.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\epz3nhjh.dat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\error.js Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ersvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\es.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\es.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\esent.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\esscli.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\evconcepts.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\evntagnt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\evntwin.exe Object is locked skipped
D:\WINDOWS\$NtSe
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
looks as if some was cut off can you post it from this entry on please: D:\WINDOWS\$NtServicePackUninstall$\evntwin.exe Object is locked skipped
Thanks :)

Also yes I would get rid of Norton anyway but never have 2 antivirus programs running at once.
  • 0

Advertisements


#11
amit123

amit123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
there u go

D:\WINDOWS\$NtServicePackUninstall$\evntwin.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\explorer.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\expsrv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\expsrv.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\extrac32.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fastfat.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fastprox.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\faultrep.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\faultrep.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\faxpatch.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fdc.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\feclient.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\filefold.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\filelist.xml Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\filelist.xml.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\file_srv.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\findstr.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fjzn7vrt.zip Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fontext.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fontview.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\footer.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp40ext.cab Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp40ext.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpcount.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpcount.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpencode.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpencode.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe.001 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fpsrvwin.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\framebuf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\framedyn.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ftp.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxscom.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxscover.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsocm.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsres.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsst.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxst30.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\gameenum.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\gckernel.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\gdi32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\gdi32.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\glu32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\grpconv.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\guitrn.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\guitrn_a.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\h323.tsp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\h323cc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\h323msp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hal.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hal.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\halaacpi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\halacpi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\halapic.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\halmacpi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\halmps.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hardware.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hccoin.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hccoin.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hdwwiz.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\helpctr.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\helpctr.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hh.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hh.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hid.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hidclass.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hiddigi.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hidir.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hidparse.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hidphone.tsp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hidserv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hidserv.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hostmib.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hotplug.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\howto.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hscupd.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hscupd.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hscxpsp1.cab Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\htui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i0v7hzzd.dat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xnt5.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwfp0.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwfp1.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwfp2.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwfp3.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwfp4.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwtv0.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwtv1.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwtv2.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwtv3.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\i81xwtv4.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iac25_32.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iasrad.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icaapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iccvid.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icm32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icmp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iconlib.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ics.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwconn.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwdial.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwdl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\icwutil.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\idq.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ie.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ieaccess.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ieaksie.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iedkcs32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iepeers.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iernonce.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iesetup.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ieuinit.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iexplore.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iexplore.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iexpress.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ifmon.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iis.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ils.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imaadp32.acm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imapi.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imapi.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imekr61.ime Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imeshare.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imgutil.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjp81.ime Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjp81k.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpcd.dic Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpcic.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpcus.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpdct.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpdct.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpdsvr.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpinst.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjprw.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjputy.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imjputyc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\imm32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ims.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ims.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetcfg.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetcpl.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetmib1.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetpp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetppui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetpref.xml Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetres.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\infrared.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\initpki.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\input.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\input.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\inseng.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\instcat.sql Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\intelide.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\intl.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\intl.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ip6fwapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ip6fwcfg.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ip6fwhlp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipconf.tsp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipinip.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipnat.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ippromon.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0002.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0004.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0005.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0006.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0007.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0008.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0009.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0010.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0011.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0012.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0014.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_0016.asp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipp_util.inc Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iprip.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipsec.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipsecconcepts.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipsecsnp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipsecsvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipsink.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipsmsnap.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipv6.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipv6.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipv6.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipv6mon.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipv6mon.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ir41_32.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ir41_qc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ir41_qcx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ir50_32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ir50_qc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ir50_qcx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\irenum.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\irmon.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\isign32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\isrdbg32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\itircl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\itircl.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\itss.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\itss.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iuctl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iuengine.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ivfsrc.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ixsso.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\iyuv_32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\joy.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\jsproxy.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb810217.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb810243.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb817778.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb820291.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb821253.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb822603.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb823182.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb824105.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb824141.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb824146.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb825119.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb826939.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb826942.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb828028.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb828035.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb828741.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb829558.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb833998.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb835732.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb837001.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb837272.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb839643-directx9.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb839645.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb840315.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb840374.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb841873.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kb842773.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kd1394.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kerberos.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kernel32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\keyboard.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\keymgr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kmddsp.tsp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kmixer.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\krnl386.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\krnlprov.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ks.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ks.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ks.sys.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kscaptur.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kscaptur.inf.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ksecdd.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ksfilter.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ksproxy.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kstvtune.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ksuser.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\kswdmcap.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ksxbar.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ksxbar.ax.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\l3codeca.acm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\l3codeca.acm.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\laprxy.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\laprxy.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\layout.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lcladvd.xml Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lcldocs.xml Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lclmm.xml Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\licdll.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\license.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\licmgr10.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\licwmi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lmhsvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lmmib2.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lmrt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\loadperf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\locale.nls Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\localsec.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\localspl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\localui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\locator.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\log.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\logagent.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\logagent.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\logo.gif Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\logon.scr Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\logonui.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lpdsvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lpk.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lprhelp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lprmon.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\lsass.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ltmdmnt.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ltotape.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\luna.msstyles Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\luna.mst Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\machine.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\magnify.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\makecab.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mcastmib.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mchgr.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mciavi32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mciqtz32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mciseq.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mciwave.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mdac.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mdminst.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mdmirmdm.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\medctrro.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\memstpci.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mf.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mf3216.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mfc42.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mfc42u.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mfcsubs.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mgmtapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\micross.ttf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\midimap.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migapp.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migip.dun Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migism.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migism.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migism_a.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\miglibnt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migload.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migrate.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migrate.js Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migregdb.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migsys.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\miguser.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migwiz.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migwiz.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migwiz.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\miniime.tpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\misc.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\miscp.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mlang.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mmc.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mmcbase.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mmcndmgr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mmcshext.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mmfutil.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mmsys.cpl Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mmsystem.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mnmdd.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mobsync.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mobsync.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mode.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\modem.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\modemui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mofd.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\moricons.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mouclass.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\moviemk.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\moviemk.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\moviemk.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\moviemk.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mp43dmod.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mp4sdmod.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpe.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpe.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpeg2data.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpg2splt.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpg2splt.ax.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpg4dmod.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpg4dmod.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpg4ds32.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mplay32.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mplayer2.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mprapi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mpvis.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msacm32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadce.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadcer.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadcf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadcfr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadco.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadcor.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadcs.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadds.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadds32.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msaddsr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msader15.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msado15.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msado20.tlb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msado21.tlb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msado25.tlb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msado26.tlb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadomd.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msador15.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadox.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadp32.acm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msadrh15.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msafd.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msapsspc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msasn1.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msaud32.acm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mscandui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mscms.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msconf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msconfig.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mscpx32r.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mscpxl32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msctf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msctfime.ime Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msctfp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdadc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaenum.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaer.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaipp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaora.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaorar.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaosp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaprsr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaprst.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaps.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdarem.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaremr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdart.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdart.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdasc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdasql.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdasqlr.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdatl3.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdatsrc.tlb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdatt.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdaurl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdfmap.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdmo.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdtc.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdtclog.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdtctm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdtcuiu.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdv.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdvbnp.ax Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdxm.ocx Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdxm.ocx.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msdxmlc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msexch40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msexch40.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msfs.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msftedit.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgina.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgina.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgpc.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgr3en.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgrocm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgsc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgsc.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgslang.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgslang.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msh261.drv Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msh263.drv Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mshdc.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mshta.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mshtml.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mshtml.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mshtml.tlb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mshtmled.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mshtmler.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msi.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msident.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msidle.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msieftp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msiexec.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msihnd.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msimain.sdb Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msimg32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msimn.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msimn.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msimsg.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msimtf.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msinfo.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msinfo32.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msisip.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjet40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjet40.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjetol1.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjint40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjro.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjter40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mskssrv.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mskssrv.sys.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mslbui.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msltus40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msltus40.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mslwvtts.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msmsgs.cat Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msmsgs.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msmsgs.inf.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msnetmtg.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msnetobj.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msnetobj.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msnmsn.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msnsspc.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msobcomm.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msobdl.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msobe.isp Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msobmain.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msobshel.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msobshel.htm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msobweb.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoe.chm Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoe.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoe.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoe50.inf Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoeacct.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoeacct.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoeres.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoert2.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msoert2.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msorc32r.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msorcl32.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspaint.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspatcha.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspclock.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspmsnsv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspmsp.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspmsp.dll.000 Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspmspsv.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\mspqm.sys Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msprivs.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\msrating.dll Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
After the point that is cut off is there anything that says infected if there is that is all I need to see.
Let me know and we will continue.
  • 0

#13
amit123

amit123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No nothing says infected
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok.
Please empty your Norton Quarantine.

Then delete these files:
C:\13.tmp
C:\36.tmp

Also you have some e-mails in your Inbox that need to be deleted
21 Dec 2004 15:06 from Smith Barney:Customer Notice - Instructio.html
24 Feb 2005 17:01 from Regions & Union Planters:Regions Bank 0nl.html
24 Mar 2005 23:22 from Mail Delivery Subsystem:Returned mail: se/24 Mar 2005 23:16 to [email protected]:Hey, dude, it's me ^_/TextDocument.zip/ifxej.exe
24 Mar 2005 23:22 from Mail Delivery Subsystem:Returned mail: se/24 Mar 2005 23:16 to [email protected]:Hey, dude, it's me ^_/TextDocument.zip
26 Oct 2005 09:37 from [email protected]:Does it matter?/details.zip
27 Oct 2005 06:22 from [email protected]:News/report01.zip
27 Oct 2005 07:49 from [email protected]:Mail Delivery
08 Jan 2006 15:42 from [email protected]:Delivery Status No/08 Jan 2006 15:32 from [email protected]:Good day/readme.pif
08 Jan 2006 16:35 from [email protected]:Delivery Status No/08 Jan 2006 16:32 from [email protected]:hello/data.zip



Then empty your recycle bin.
=========================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image

Doing this unistalls Combofix and does the following:

  • Deletes ComboFix and its associated files and folders.
  • Deletes VundoFix backups, if present
  • Deletes the C:\Deckard folder, if present
  • Deletes the C:_OtMoveIt folder, if present
  • Resets the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete\uninstall anything that we used that is left over.
==============================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#15
amit123

amit123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks. I have removed Nrton and installed kaspersky. Hope this will save me on future
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP