Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Troj Win32.Qhost.r & Troj.JS.Redirector.b [RESOLVED]

Started by SHILORAVINN , Mar 23 2008 09:56 AM

  • This topic is locked This topic is locked

#1
SHILORAVINN
Posted 23 March 2008 - 09:56 AM

SHILORAVINN

    Member

  • Member
  • PipPip
  • 44 posts
My computer has slowed to a crawl and some programs won't work (PhotoShop for one). I found (1) Trojan Win32.Qhost.r and (119) Trojan.JS.Redirector.b (GULP!!)

Every time I re-boot, I get the prompt that Restarting is required before updating can continue. I always choose No.

I use AVG for virus scanning and I have SP1 installed.

I have done all of the steps requested before posting a HiJack This log and am enclosing those results here for you. Also, since I've ran so many tests, I'm not sure which program found the Trojans listed above. Sorry about that.

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:46 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEST\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....?linkid=4239037
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/...geUploader4.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/...geUploader3.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9747 bytes





UNINSTALL LIST:

360Share Pro(remove only)
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.2
Adobe Shockwave Player
American Greetings Crafts! 1.00
American Greetings CreataCard Select 6
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CleanUp!
Compatibility Pack for the 2007 Office system
Dell ResourceCD
Dell Solution Center
DellTouch
Folder Lock
FW LiveUpdate
GdiplusUpgrade
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Handmark® MobileDB™ for Palm OS
Handmark® PDA Money for palmOne
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 4.0
HP Photo and Imaging 1.0 - PSC 2000 Series
HP Photo and Imaging 1.0 - PSC 2000 Series
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
hp psc 2100 series
HP Update
Image Transfer
IncrediMail Xe
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Lucent Win Modem
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
Modem Helper
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Suite
NVIDIA Windows 2000/XP Display Drivers
Palm Desktop
Panda ActiveScan
PhoneTools
PowerDVD
powerOne Personal v2.1.1 for Handhelds
PrintMaster
PRO200WL
QuickTime
RealPlayer
Recover My Files
Recover My Photos
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
Shockwave Player
Shop'NCook
Sony USB Driver
Sound Blaster Live! Value
SplashMoney
SplashShopper
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Winkflash Photo Manager
Yahoo! Address AutoComplete
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
York Photo Wizard



PANDA ACTIVE SCAN RESULTS:

Incident Status Location

Adware:adware/coupons Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}


AVG SPYWARE

This found Tracking Cookie.Netflame and Tracking Cookie.2o7 It said "All actions have been applied." But "No Reports Available."


SUPER ANTISPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2008 at 01:01 AM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type : Complete Scan
Total Scan Time : 01:32:30

Memory items scanned : 359
Memory threats detected : 0
Registry items scanned : 6634
Registry threats detected : 0
File items scanned : 81938
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\TEST\Cookies\[email protected][1].txt
C:\Documents and Settings\TEST\Cookies\[email protected][1].txt



I would really really really appreciate your help. Thanks so much for your time.
  • 0

Advertisements

#2
Stamper19
Posted 26 March 2008 - 01:47 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi Shiloravinn,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point. :)

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • main.txt and extra.txt from DSS

  • 0

#3
SHILORAVINN
Posted 26 March 2008 - 04:54 PM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hi Stamper19! Thanks so very much for your help. I will do my best to follow your instructions correctly! Here are the DSS logs you requested.

MAIN:

Deckard's System Scanner v20071014.68
Run by TEST on 2008-03-26 18:38:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-03-26 22:38:37 UTC - RP1408 - Deckard's System Scanner Restore Point
2: 2008-03-26 07:14:37 UTC - RP1407 - Software Distribution Service 3.0
1: 2008-03-25 23:44:13 UTC - RP1406 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as TEST.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:52 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\TEST\Desktop\dss.exe
C:\DOCUME~1\TEST\Desktop\TEST.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....?linkid=4239037
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-284587905-2589800181-2619313026-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/...geUploader4.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/...geUploader3.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9769 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 PPCLASS - c:\windows\system32\drivers\ppclass.sys <Not Verified; Silitek Corporation.; >
R2 windrvNT - c:\windows\system32\windrvnt.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe

S4 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description:
Device ID: ROOT\IMAGE\0001
Manufacturer: Hewlett-Packard
Name:
PNP Device ID: ROOT\IMAGE\0001
Service:

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description:
Device ID: ROOT\IMAGE\0002
Manufacturer: Hewlett-Packard
Name:
PNP Device ID: ROOT\IMAGE\0002
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-26 03:16:08 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-26 01:34:35 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2BEDA78-5451-42BF-80D9-711A639D1A74}.job
2008-03-25 07:01:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-05-08 00:45:13 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1099011333.job


-- Files created between 2008-02-26 and 2008-03-26 -----------------------------

2008-03-22 21:15:08 0 d-------- C:\Documents and Settings\TEST\Application Data\Grisoft
2008-03-22 20:16:07 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-22 17:00:57 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-22 17:00:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-22 17:00:48 0 d-------- C:\Documents and Settings\TEST\Application Data\SUPERAntiSpyware.com
2008-03-22 16:59:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 01:24:35 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 01:24:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-22 01:14:23 0 d-------- C:\Documents and Settings\TEST\Application Data\Malwarebytes
2008-03-22 01:12:03 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 01:12:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-21 11:37:13 0 d-------- C:\Program Files\Shop'NCook 3.4
2008-03-21 11:36:56 0 d------c- C:\Documents and Settings\All Users\Application Data\{339435FA-E925-4791-9BFE-65E5B24DD2F3}
2008-03-20 15:56:42 23552 --a------ C:\WINDOWS\xobglu32.dll
2008-03-20 15:56:42 63488 --a------ C:\WINDOWS\xobglu16.dll
2008-03-06 20:30:40 0 d-------- C:\Program Files\QuickTime
2008-03-06 20:30:27 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-06 20:29:06 0 d-------- C:\Program Files\Apple Software Update
2008-03-06 20:29:06 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-03-23 09:09:27 0 d-------- C:\Program Files\Windows Defender
2008-03-23 09:08:19 0 d-------- C:\Program Files\Google
2008-03-23 08:57:59 456 --a------ C:\Documents and Settings\TEST\Application Data\SamsungLiveUpdateConfig.ini
2008-03-23 01:15:13 0 d-------- C:\Program Files\palmOne
2008-03-22 16:59:56 0 d-------- C:\Program Files\Common Files
2008-03-22 01:00:24 0 d-------- C:\Program Files\Macrogaming
2008-03-21 23:44:22 1411 --a------ C:\Program Files\Solitaire.lnk <SOLITA~1.LNK>
2008-03-21 23:25:02 0 d-------- C:\Documents and Settings\TEST\Application Data\Talkback
2008-03-21 22:38:26 0 d-------- C:\Program Files\Microsoft Picture It! 2002
2008-03-21 22:14:58 0 d-------- C:\Program Files\Spyware Doctor
2008-03-17 22:45:14 0 d-------- C:\Program Files\Java
2008-03-15 16:57:24 0 d-------- C:\Documents and Settings\TEST\Application Data\ZoomBrowser EX
2008-03-14 00:40:42 0 d-------- C:\Documents and Settings\TEST\Application Data\Adobe
2008-03-14 00:35:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-19 15:14:39 0 d-------- C:\Documents and Settings\TEST\Application Data\LimeWire
2008-02-16 01:00:58 0 d-------- C:\Program Files\Folder Lock
2008-02-13 02:39:56 0 d-------- C:\Program Files\Modem Helper
2008-02-13 02:39:52 0 d-------- C:\Program Files\Microsoft Money 2006
2008-02-13 00:48:08 0 d-------- C:\Program Files\Winkflash
2008-02-13 00:43:59 0 d-------- C:\Program Files\Serif
2008-02-13 00:40:41 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-12 02:34:03 0 d-------- C:\Documents and Settings\TEST\Application Data\AVG7
2008-02-07 19:38:36 0 d-------- C:\Program Files\Windows Live
2008-01-23 14:26:30 1781 --a------ C:\WINDOWS\mozver.dat
2008-01-16 01:05:50 0 --a----c- C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"="D:\Setup.exe" []
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [04/05/2007 03:29 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/24/2007 06:40 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/17/2005 09:49 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/22/2008 11:26 PM]

C:\Documents and Settings\TEST\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 9:31:16 AM]
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [4/12/2004 3:25:16 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 9:31:16 AM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [5/29/2002 2:57:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/22/2008 11:26 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Internet Answering Machine.lnk]
backup=C:\WINDOWS\pss\Internet Answering Machine.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SHILO^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\DELLMMKB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
ltmsg.exe 9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"NVSvc"=2 (0x2)
"Nhksrv"=2 (0x2)
"ImapiService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23a727ef-36d9-11d6-b2b6-806d6172696f}]
AutoRun\command- D:\install.exe /A




-- Hosts -----------------------------------------------------------------------

comments (such as these) may be inserted on individual
127.0.0.1 1ad2srvr-cpt-v1.com
127.0.0.1 www.1ad2srvr-cpt-v1.com
127.0.0.1 207-182-237-233.visionaire-us.com
127.0.0.1 www.207-182-237-233.visionaire-us.com
127.0.0.1 3721.com
127.0.0.1 www.3721.com
127.0.0.1 680180.net
127.0.0.1 www.680180.net
127.0.0.1 7search.com

8950 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-26 18:43:59 ------------





EXTRA
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 511.01 MiB / 203.34 MiB
Pagefile Memory (total/avail): 1248.38 MiB / 853.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 8.57 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75CAA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"="C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\CallWave\\IAM.exe"="C:\\Program Files\\CallWave\\IAM.exe:*:Disabled:CallWave"
"C:\\Documents and Settings\\SHILO\\Local Settings\\Temporary Internet Files\\Content.IE5\\C1YRKLM3\\incredimail_install[1].exe"="C:\\Documents and Settings\\SHILO\\Local Settings\\Temporary Internet Files\\Content.IE5\\C1YRKLM3\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine (1.0 BETA)"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\palmOne\\HOTSYNC.EXE"="C:\\Program Files\\palmOne\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\WINDOWS\\SYSTEM32\\java.exe"="C:\\WINDOWS\\SYSTEM32\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\TEST\\Local Settings\\Temporary Internet Files\\Content.IE5\\03SR634N\\incredimail_install[1].exe"="C:\\Documents and Settings\\TEST\\Local Settings\\Temporary Internet Files\\Content.IE5\\03SR634N\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Web Publish\\WPWIZ.EXE"="C:\\Program Files\\Web Publish\\WPWIZ.EXE:*:Enabled:Web Publishing Wizard executable"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\2nd Story Software\\TaxACT 2006\\TaxACT06.exe"="C:\\Program Files\\2nd Story Software\\TaxACT 2006\\TaxACT06.exe:*:Enabled:TaxACT Application"
"C:\\Documents and Settings\\TEST\\Local Settings\\Temporary Internet Files\\Content.IE5\\1NJA0XF8\\incredimail_install[1].exe"="C:\\Documents and Settings\\TEST\\Local Settings\\Temporary Internet Files\\Content.IE5\\1NJA0XF8\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\TEST\\Local Settings\\Temporary Internet Files\\Content.IE5\\UJHEOCT6\\incredimail_install[1].exe"="C:\\Documents and Settings\\TEST\\Local Settings\\Temporary Internet Files\\Content.IE5\\UJHEOCT6\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\TEST\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CONNIE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\TEST
LOGONSERVER=\\CONNIE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TEST\LOCALS~1\Temp
TMP=C:\DOCUME~1\TEST\LOCALS~1\Temp
USERDOMAIN=CONNIE
USERNAME=TEST
USERPROFILE=C:\Documents and Settings\TEST
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
TEST (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Diagnose2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
360Share Pro(remove only) --> "C:\Program Files\360Share Pro\bt-uninst.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
American Greetings Crafts! 1.00 --> c:\PROGRA~1\MINDSC~1\AGCraft\uninst32.exe /IFirs$
American Greetings CreataCard Select 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9 anything
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BufferChm -->
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 3.0 --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Confidence Online™ for Web Applications --> C:\Documents and Settings\TEST\Application Data\WholeSecurity\CAT\WSUIEE.exe
CreativeProjects -->
CreativeProjectsTemplates -->
CueTour -->
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellTouch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
Director -->
Folder Lock --> C:\Program Files\Folder Lock\Uninstall.exe
Folder Lock --> C:\Program Files\Folder Lock\Uninstall.exe
FW LiveUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11F5D779-7BD9-465A-BBC4-10701386BCB9}\setup.exe" -l0x9 -removeonly
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Handmark® MobileDB™ for Palm OS --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\MobileDB for Palm OS\uninstal.log
Handmark® PDA Money for palmOne --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\PDA Money for Palm OS\uninstal.log
Help and Support Customization -->
HijackThis 2.0.2 --> "C:\Documents and Settings\TEST\Desktop\HijackThis.exe" /uninstall
HP Diagnostic Assistant -->
HP Image Zone 4.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 1.0 - PSC 2000 Series --> C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Photo and Imaging 1.0 - PSC 2000 Series --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers --> MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
hp psc 2100 series --> rundll32 hpzcon05.dll,VendorJettison hp psc 2100 series
HP Update --> MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HPSystemDiagnostics -->
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
InstantShare -->
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lucent Win Modem --> C:\WINDOWS\System32\ltremove.exe -s
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Microsoft XML Parser -->
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\SETUP.EXE" ControlPanel
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Overland -->
Palm Desktop --> MsiExec.exe /X{F1E906E7-1120-428D-A124-4938C306427E}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\setup.exe" ControlPanel
PhotoGallery -->
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
powerOne Personal v2.1.1 for Handhelds --> C:\PROGRA~1\INFINI~1\POWERO~1\UNWISE.EXE C:\PROGRA~1\INFINI~1\POWERO~1\INSTALL.LOG
PrintMaster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}\setup.exe" anything
PRO200WL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
QFolder -->
QuickProjects -->
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Recover My Photos --> "C:\Program Files\GetData\Recover My Photos\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Shockwave Player --> MsiExec.exe /X{95D885F5-B696-11D5-9D1D-0050DAB14E03}
Shop'NCook --> "C:\Documents and Settings\All Users\Application Data\{339435FA-E925-4791-9BFE-65E5B24DD2F3}\shop'ncook all.exe" REMOVE=TRUE MODIFY=FALSE
SkinsHP1 -->
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sound Blaster Live! Value --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
SplashMoney --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AAE5284-700D-4AB0-B0FB-57B5C8A7D93B}\setup.exe" -l0x9
SplashShopper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0681859-D086-4384-B204-386FA7D80A5B}\setup.exe" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TrayApp -->
Unload -->
WebFldrs XP -->
WebReg -->
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Winkflash Photo Manager --> MsiExec.exe /I{9322DD07-3AF5-4742-B2A7-1DD4933E6EB9}
Works Suite OS Pack -->
Works Synchronization -->
Yahoo! Address AutoComplete --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
York Photo Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01A2D7F7-00A4-4D46-A672-C5C06EB54CF1}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type7844 / Success
Event Submitted/Written: 03/23/2008 08:53:50 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type7836 / Success
Event Submitted/Written: 03/23/2008 01:06:03 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type7834 / Warning
Event Submitted/Written: 03/23/2008 01:04:15 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7827 / Success
Event Submitted/Written: 03/22/2008 11:21:45 PM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type7825 / Warning
Event Submitted/Written: 03/22/2008 09:19:40 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21399 / Warning
Event Submitted/Written: 03/26/2008 06:43:04 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CONNIE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CONNIE27 can't undo changes that you allow.

For more information please see the following:
%CONNIE275

Scan ID: {E8A76FF1-3B6F-40C8-A48F-4B23A270DBFC}

User: CONNIE\TEST

Name: %CONNIE271

ID: %CONNIE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %CONNIE276

Alert Type: %CONNIE278

Detection Type: 1.1.1593.02

Event Record #/Type21398 / Warning
Event Submitted/Written: 03/26/2008 06:43:04 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CONNIE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CONNIE27 can't undo changes that you allow.

For more information please see the following:
%CONNIE275

Scan ID: {B3CDB089-EDA0-4FD0-9A82-8AC1663796F6}

User: CONNIE\TEST

Name: %CONNIE271

ID: %CONNIE272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %CONNIE276

Alert Type: %CONNIE278

Detection Type: 1.1.1593.02

Event Record #/Type21388 / Warning
Event Submitted/Written: 03/24/2008 02:40:20 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CONNIE27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your com
  • 0

#4
Stamper19
Posted 26 March 2008 - 05:31 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Happy to help out. Lets check one more thing before we get down to business.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#5
SHILORAVINN
Posted 26 March 2008 - 08:12 PM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
SmitFraudFix v2.309

Scan done at 22:09:17.09, Wed 03/26/2008
Run from C:\Documents and Settings\TEST\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEST


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEST\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TEST\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"=""


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\System32\\Userinit.exe"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: CNet PRO200WL PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2495E7D3-ECFF-4E5E-BF5F-49CB73517F31}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2495E7D3-ECFF-4E5E-BF5F-49CB73517F31}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2495E7D3-ECFF-4E5E-BF5F-49CB73517F31}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#6
Stamper19
Posted 26 March 2008 - 08:22 PM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi Shiloravinn,

Time to get to work.

Before we start getting things cleaned up, I see that you are running, or have previously installed, LimeWire. Although this application is not malware itself, the files downloaded with it are often a major source of infection. Hence, I strongly advise that it be removed. If you choose to do so, go to the Add/Remove Programs option in the Control Panel, and Uninstall LimeWire. Also, if you choose to remove LimeWire be sure to delete the folders C:\Documents and Settings\TEST\Application Data\LimeWire and C:\Program Files\LimeWire

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O1 - Hosts: comments (such as these) may be inserted on individual
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....302/Coupons.cab
O24 - Desktop Component 0: (no name) - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

----------------------------------------------------------------

Download the HostsXpert 4.2 - Hosts File Manager
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

----------------------------------------------------------------

Please re-run Deckard's System Scanner (DSS).

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - Main.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • Kapersky Scan Log
  • Main.txt from DSS

  • 0

#7
SHILORAVINN
Posted 26 March 2008 - 08:52 PM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Stamper19 -

I have no idea what Limewire even is, so of course I have no problem deleting it. I deleted it from App Data, but it is not listed in Add/Remove programs or in the Programs list.

Next, I checked and fixed the items you requested in the HiJack This scan.

When I ran HostsXpert, I ran into a problem. After I clicked OK on the confirmation bar, I got an error message saying: Cannot create file C:\WINDOWS\System32\DRIVERS\ETC\Hosts.

Please advise.
Thanks!
  • 0

#8
Stamper19
Posted 27 March 2008 - 06:23 AM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Hi Shiloravinn,

Just skip that step for now and proceed with the others (kapersky scan and DSS).
  • 0

#9
SHILORAVINN
Posted 27 March 2008 - 06:54 AM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
K - I'm running Kaspersky now - looks like it might take...all day! LOL Will post results from it and DSS when finished. Thanks again.
  • 0

#10
SHILORAVINN
Posted 27 March 2008 - 10:33 AM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Well I guess I shouldn't have joked about Kaspersky taking all day to run - I have started it twice now and both times, it has stalled at 72%. :) It ran for over an hour, do you want me to let it run longer? I went ahead and ran DSS and am posting the 72% log and also the DSS log. I am starting to think a very large hammer to the CPU might speed things along... Will be waiting for more instructions.

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 27, 2008 12:23:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/03/2008
Kaspersky Anti-Virus database records: 666904
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 50004
Number of viruses found: 4
Number of infected objects: 125
Number of suspicious objects: 0
Duration of the scan process: 01:24:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02122008-211855.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\TEST\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{13A4D584-FBB9-4E66-BD2A-3E18AF8B182D} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1A9BDFC9-744B-447D-89DD-0CA6223F04CF} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1E10DB56-A278-4BE3-B61E-80B44F3BB408} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{264C1CB3-CDBF-4158-BCDE-1A2C4DE4DC0E} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3E838528-E6FA-4C90-87BC-2B5BDA3C0AEC} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5A281B96-90AC-4B4A-9BF4-43A1656985EA} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5C4363D8-A86C-445A-8E4D-06D8512C2A8B} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5F54AA99-9146-45E9-B83A-8B199FFF2ED3} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{65F8E28E-DE60-4F05-BDD6-FFF8D5B58A7C} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6C7E4254-FCA1-496E-9AF2-2BCBA0BECC1A} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7425B819-5B8C-4373-88A5-E9E54CC47DFB} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{76B5B2CC-0FAE-4333-BB0A-9864842A69FB} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8FF9EE7F-753A-4B4F-AD99-7BC7EC0787C3} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{94EE76E1-40C1-465A-92E4-341FF09DA8FC} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{954FCC99-EA50-4115-A26B-E34D37583C68} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9B26A8B3-FC2B-4D3C-A305-D0B7A1F1D143} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B0A62755-BAA4-49F0-8595-358B9692C5FB} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B36719DF-597A-485A-92A4-8ACD0F117CD7} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B369D95C-9DF8-4006-86D2-C7AB1675C87B} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B8E1818A-8770-4AEC-958E-B5CF48C31BC3} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BB1716D9-F583-4A49-B307-AA22C8CAC75C} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BBF61B8C-DF07-4062-883E-DC1F1FB3784C} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CC424ADE-0500-4E5B-AB0D-8DF84F22C3A9} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E0B6D0A1-64A3-4AAC-8E28-2FA0F615DED8} Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F2D00732-C535-4380-8470-71A0AD3F001F} Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F54031F8-3A9B-4469-AEF8-5CC2B34CAF3F} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Temporary Internet Files\Content.IE5\CM41A27Z\PA189[1].htm Infected: Trojan-Downloader.JS.Psyme.hz skipped
C:\Documents and Settings\TEST\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TEST\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\TEST\ntuser.dat.LOG Object is locked skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Akmout_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\ATT18EA.eml/Camp_CLICK_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\ATT18EA.eml Mail: infected - 1 skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Baker_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Baratlaut_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Betts_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Breez64_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_Online_RX.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_PERMANENTENLARG.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Carlawebster1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Cathyates1_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Cathyates1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Click_ThisAttachment_BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Doshebrios_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Doshebrios_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Early_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Edl_nl_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Em_o_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Frtrus.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Goldberg_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Guigui417_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Guigui417_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Guigui417_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Hoffman_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Houda3malson_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Houda3malson_click_PERMANENTGrowth.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Ivyun_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Iwascrazyonce_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Iwascrazyonce_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Iwascrazyonce_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Jfish99_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Junym7_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Ke_gina_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Mimichula_Buy_IncreaseSpermCount.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Mimichula_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Mkman1_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Mkman1_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Nopantys_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Pdewar3_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Peanutty_1_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Pickett_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Sams_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Seacreature_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Shiloravinn_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\Steiner_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{04A0D92D-D335-44CF-A206-DD9031350C46}\Frtrus.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{0D14B5EB-0A77-4B68-8AAD-2F799DCD8131}\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{112555EC-90EC-4881-9DBF-2F5A7606D4E0}\Cathyates1_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{155C8BCD-31E4-43F7-8D60-CC5F58CDCD74}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{1749A3B2-205B-40DC-8ABA-FD53FE884FD6}\Guigui417_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{184324CC-85F4-4ED7-9FD0-D6230F1D303A}\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{1CDA6DAE-B579-46F6-B1A1-D4CB46F6C256}\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{283F8C67-C938-494B-9242-6CC45B1131C8}\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{2CF00A1C-4D5D-4928-B9EF-2CAD13E2DB41}\Cathyates1_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{2E61FB22-2BAA-4A19-807A-038E7EDBB6FB}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{405CCEAE-0314-49C8-B967-48CFC99C53EE}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{4A4EA576-20DD-411F-B796-B023D765F14D}\Mimichula_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{4A8E3AF0-BD52-44D5-A334-34AC02EFFAD0}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{4E122940-446D-4FCC-B798-15911827E025}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{5360BBAC-4D56-4409-B33F-FBE38F836015}\Edl_nl_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{5E6AAE4C-6F0C-4AAD-9A41-863FC16F23AC}\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{5F5D4E49-2DDB-4571-A245-8F6E987E892D}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{691DC711-CA1D-4725-A4AA-8543D5EAAC14}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{6CEB5D78-8B92-46B3-817E-7973559CB2EE}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{7AF4A159-2034-4A03-B948-6E3FFBD3A978}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{83104962-5097-4F35-9B4C-25EA53B6AA59}\Jfish99_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{8411317A-BA03-4A55-A023-F17CA0D6DE2E}\Carlawebster1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{85986E97-2FC4-4527-AE7E-302A30216BE0}\Edl_nl_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{8A9EA9F0-00F8-4BA0-A50F-CCFC80EC85CF}\Iwascrazyonce_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{9147F2EA-32C8-4C51-AB78-296042FABE9C}\Mimichula_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{9A4C5049-D1D6-40B7-BAE2-B97D29E89A38}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{A1063869-E473-48D9-BE08-7520E341FCA1}\Guigui417_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{A49EC42E-CC1B-4765-942D-73249A48DB45}\Ivyun_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{AB1A5DE7-A978-4208-B140-5CC819AF7955}\Breez64-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{AC8E7832-639C-4B90-BC96-23998CBF09ED}\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{B4F637E0-29BE-4B02-B69A-1A50326BEEF9}\Iwascrazyonce_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{B59E0ADF-56E5-4375-98C9-AC4B327ACB34}\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{BB339202-5AB5-4B63-8D5B-F38F54496890}\Breez64_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{BD33FFF6-DC01-46CD-A092-F0786B5A96CC}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{C84D8AB3-EC81-49BC-BE6A-287970530731}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{D4D87E4A-D870-485D-83A9-0834D93CCD9D}\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{E61C6FE7-5DC3-4919-946D-6ED92BB04C12}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{E896495F-DC2A-4932-98D8-A97471B74E0B}\Carlawebster1_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{EBE197AE-463A-4605-8AC1-ACC231487EFE}\Frtrus.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{EE962E4B-32B5-4A9B-8057-5D3B69F426CC}\ClickHere_Buy_DiscountedRx.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{F8980F9D-B3EA-4A6F-8329-75E46B4F59A9}\Jfish99_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments\{FF5F07B0-9B76-44AA-8593-3D3FEB7EFA8B}\Breez64_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped

Scan was interrupted by user!



DSS LOG

Deckard's System Scanner v20071014.68
Run by TEST on 2008-03-27 12:25:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as TEST.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:04 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\TEST\Desktop\dss.exe
C:\DOCUME~1\TEST\Desktop\TEST.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....?linkid=4239037
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-284587905-2589800181-2619313026-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/...geUploader4.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/...geUploader3.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8882 bytes

-- Files created between 2008-02-27 and 2008-03-27 -----------------------------

2008-03-26 22:47:21 0 d------c- C:\HostsXpert 4.2 - Hosts File Manager
2008-03-26 22:09:35 4172 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-22 21:15:08 0 d-------- C:\Documents and Settings\TEST\Application Data\Grisoft
2008-03-22 20:16:07 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-22 17:00:57 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-22 17:00:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-22 17:00:48 0 d-------- C:\Documents and Settings\TEST\Application Data\SUPERAntiSpyware.com
2008-03-22 16:59:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 01:24:35 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 01:24:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-22 01:14:23 0 d-------- C:\Documents and Settings\TEST\Application Data\Malwarebytes
2008-03-22 01:12:03 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 01:12:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-21 11:37:13 0 d-------- C:\Program Files\Shop'NCook 3.4
2008-03-21 11:36:56 0 d------c- C:\Documents and Settings\All Users\Application Data\{339435FA-E925-4791-9BFE-65E5B24DD2F3}
2008-03-20 15:56:42 23552 --a------ C:\WINDOWS\xobglu32.dll
2008-03-20 15:56:42 63488 --a------ C:\WINDOWS\xobglu16.dll
2008-03-06 20:30:40 0 d-------- C:\Program Files\QuickTime
2008-03-06 20:30:27 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-06 20:29:06 0 d-------- C:\Program Files\Apple Software Update
2008-03-06 20:29:06 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-03-23 09:09:27 0 d-------- C:\Program Files\Windows Defender
2008-03-23 09:08:19 0 d-------- C:\Program Files\Google
2008-03-23 08:57:59 456 --a------ C:\Documents and Settings\TEST\Application Data\SamsungLiveUpdateConfig.ini
2008-03-23 01:15:13 0 d-------- C:\Program Files\palmOne
2008-03-22 16:59:56 0 d-------- C:\Program Files\Common Files
2008-03-22 01:00:24 0 d-------- C:\Program Files\Macrogaming
2008-03-21 23:44:22 1411 --a------ C:\Program Files\Solitaire.lnk <SOLITA~1.LNK>
2008-03-21 23:25:02 0 d-------- C:\Documents and Settings\TEST\Application Data\Talkback
2008-03-21 22:38:26 0 d-------- C:\Program Files\Microsoft Picture It! 2002
2008-03-21 22:14:58 0 d-------- C:\Program Files\Spyware Doctor
2008-03-17 22:45:14 0 d-------- C:\Program Files\Java
2008-03-15 16:57:24 0 d-------- C:\Documents and Settings\TEST\Application Data\ZoomBrowser EX
2008-03-14 00:40:42 0 d-------- C:\Documents and Settings\TEST\Application Data\Adobe
2008-03-14 00:35:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-16 01:00:58 0 d-------- C:\Program Files\Folder Lock
2008-02-13 02:39:56 0 d-------- C:\Program Files\Modem Helper
2008-02-13 02:39:52 0 d-------- C:\Program Files\Microsoft Money 2006
2008-02-13 00:48:08 0 d-------- C:\Program Files\Winkflash
2008-02-13 00:43:59 0 d-------- C:\Program Files\Serif
2008-02-13 00:40:41 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-12 02:34:03 0 d-------- C:\Documents and Settings\TEST\Application Data\AVG7
2008-02-07 19:38:36 0 d-------- C:\Program Files\Windows Live
2008-01-23 14:26:30 1781 --a------ C:\WINDOWS\mozver.dat
2008-01-16 01:05:50 0 --a----c- C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"="D:\Setup.exe" []
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [04/05/2007 03:29 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/24/2007 06:40 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/17/2005 09:49 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/22/2008 11:26 PM]

C:\Documents and Settings\TEST\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 9:31:16 AM]
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [4/12/2004 3:25:16 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 9:31:16 AM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [5/29/2002 2:57:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 03/22/2008 11:26 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Internet Answering Machine.lnk]
backup=C:\WINDOWS\pss\Internet Answering Machine.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SHILO^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\DELLMMKB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
ltmsg.exe 9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)
"NVSvc"=2 (0x2)
"Nhksrv"=2 (0x2)
"ImapiService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23a727ef-36d9-11d6-b2b6-806d6172696f}]
AutoRun\command- D:\install.exe /A




-- End of Deckard's System Scanner: finished at 2008-03-27 12:26:59 ------------
  • 0

Advertisements

#11
Stamper19
Posted 27 March 2008 - 10:44 AM

Stamper19

    Expert

  • Expert
  • 1,992 posts
Yes - just let it run. Kapersky can take hours to finish, but it is a great scanner which typically makes it worth the wait. You could always let it run over night if you cant allow it to run during the day. If it freezes up again we will try something else, but it is possible it was just going slow rather than freezing, so lets let it run for a while.

Before you run Kapersky though do the following two steps - these might help speed it up.

Judging from the partial report it looks like you have a ton of infected email files in your incredimail client. Go ahead and empty this folder: C:\Program Files\IncrediMail\Data\Identities\{3F176F55-73A2-4F94-9A01-A79BA575B1C3}\Message Store\Attachments. That will clean out all the nasty attachments.

NEXT

Please clean out your temp files.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



After doing those try tunning Kapersky again, but just let it run for a good while this time.
  • 0

#12
SHILORAVINN
Posted 27 March 2008 - 10:56 AM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Ok Stamper19, I just cleaned out those IM attachments - all 2,078 of them!!!!! Holy Cow!! And I ran ATF freeing up 656.109 MBs. I am off to run Kaspersky again, third time's a charm they say... I will let it run longer this time. Your help is GREATLY appreciated.
  • 0

#13
SHILORAVINN
Posted 27 March 2008 - 02:22 PM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 27, 2008 4:21:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/03/2008
Kaspersky Anti-Virus database records: 667041
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 81016
Number of viruses found: 3
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 02:28:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\AVG7QT.DAT Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02122008-211855.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\TEST\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\TEST\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{13A4D584-FBB9-4E66-BD2A-3E18AF8B182D} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1A9BDFC9-744B-447D-89DD-0CA6223F04CF} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1E10DB56-A278-4BE3-B61E-80B44F3BB408} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{264C1CB3-CDBF-4158-BCDE-1A2C4DE4DC0E} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3E838528-E6FA-4C90-87BC-2B5BDA3C0AEC} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5A281B96-90AC-4B4A-9BF4-43A1656985EA} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5C4363D8-A86C-445A-8E4D-06D8512C2A8B} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5F54AA99-9146-45E9-B83A-8B199FFF2ED3} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{65F8E28E-DE60-4F05-BDD6-FFF8D5B58A7C} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6C7E4254-FCA1-496E-9AF2-2BCBA0BECC1A} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7425B819-5B8C-4373-88A5-E9E54CC47DFB} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{76B5B2CC-0FAE-4333-BB0A-9864842A69FB} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8FF9EE7F-753A-4B4F-AD99-7BC7EC0787C3} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{94EE76E1-40C1-465A-92E4-341FF09DA8FC} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{954FCC99-EA50-4115-A26B-E34D37583C68} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9B26A8B3-FC2B-4D3C-A305-D0B7A1F1D143} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B0A62755-BAA4-49F0-8595-358B9692C5FB} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B36719DF-597A-485A-92A4-8ACD0F117CD7} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B369D95C-9DF8-4006-86D2-C7AB1675C87B} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B8E1818A-8770-4AEC-958E-B5CF48C31BC3} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BB1716D9-F583-4A49-B307-AA22C8CAC75C} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BBF61B8C-DF07-4062-883E-DC1F1FB3784C} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CC424ADE-0500-4E5B-AB0D-8DF84F22C3A9} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E0B6D0A1-64A3-4AAC-8E28-2FA0F615DED8} Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F2D00732-C535-4380-8470-71A0AD3F001F} Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F54031F8-3A9B-4469-AEF8-5CC2B34CAF3F} Infected: Trojan.Win32.Qhost.r skipped
C:\Documents and Settings\TEST\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\History\History.IE5\MSHist012008032720080328\index.dat Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\TEST\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TEST\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\TEST\ntuser.dat.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{9770A25C-45A7-478E-AF50-4FDE53EED270}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.ilg Object is locked skipped
C:\Program Files\palmOne\Connie\HotSync.Log Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\1394bus.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\4vrfj1nd.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\61883.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\6wo8qhzf.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\access.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\accessor.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aclua.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aclui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acpi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\activeds.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\actshell.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acverfyr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adcjavas.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adcvbs.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\admin.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\admin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\admparse.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adojavas.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adovbs.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsldp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\adsnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\advapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\advpack.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\aec.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\afd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentanm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentdpv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentsr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agp440.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agpcpq.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agtctl15.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agtintl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\agtscrpt.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ahui.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\alg.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\alim1541.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\amdagp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\amstream.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apphelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apphelp.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apph_sp.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apps.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\apps_sp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\appwiz.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\arial.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\arialbd.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asctrls.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asferror.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asfsipc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\at.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2dvaa.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2dvag.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2mtaa.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati2mtag.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati3d1ag.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ati3d2ag.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atiixpaa.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atiixpag.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinbtxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinmdxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinpdxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinraxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinrvxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinsnxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinttxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atintuxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinxbxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atinxsxx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atiradn1.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ativdaxx.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ativmvxx.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atixpwdm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atm.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmfd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmlane.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\atmlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\au.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\author.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\author.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\authz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autochk.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autoconv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autofmt.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\autolfn.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\av7drvzf.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\avc.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\avifil32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\basesrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\batmeter.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\batt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bda.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bidispl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\biosinfo.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bitsprx2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bitsprx3.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\blackbox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bridge.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browselc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browser.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browseui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browseui.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\browsewm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bvhn9bdn.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\bvrpwf2000.bud Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cabinet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cabview.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\callcont.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\camocx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdfview.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdosys.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\certcli.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\certmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cewmdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\chajei.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cimwin32.mfl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cimwin32.mof Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cintime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cintsetp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ciodm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cjfb3n1b.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cliconfg.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\clusapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmprops.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cmutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cnb240.bud Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comexp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comic.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\compact.wmz Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\compatui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\compstui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\conf.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\conime.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_data.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_multiple.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_networks.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\connected_wizard.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\corpol.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cpanel.chq Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cplexe.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cpu.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\credui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cscript.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\cscui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\csrss.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\danim.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dataclen.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dataspec.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\datetime.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\davclnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\daxctle.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dayi.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dcache.bin Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dcap32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dciman32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\default.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\defltwk.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\defrag.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\desk.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\devenum.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\devmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\devxprop.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dgnet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dhtmled.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dialer.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\diantz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\digest.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dinput.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dinput8.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\directdb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\disk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmband.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmdskmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmloader.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmscript.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmserver.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmsynth.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmusic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dmutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\docprop2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dosx.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpcdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dplayx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpmodemx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnaddr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnet.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnlobby.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpup.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvacm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpvvox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmclien.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmstor.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drmv2clt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drvindex.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\drvmain.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ds32gt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsdmo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsdmoprp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dshowext.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dskquota.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dskquoui.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsound.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsound3d.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsprop.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsprpres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsquery.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dssec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dssenh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dsuiext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dswave.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dtsgnup.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\duser.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dwup.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dx7vb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dx8vb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxdiag.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxg.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxmasf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxmrtp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\els.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\encapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\encdec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\error.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ersvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\es.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\es.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\esent.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\esscli.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\evconcepts.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\faultrep.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\faxpatch.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\feclient.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\filefold.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\filelist.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\filelist.xml.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\file_srv.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\findstr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fontext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fontview.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\footer.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp40ext.cab Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp40ext.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpencode.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ftp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxscom.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsocm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxst30.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\g2ufbr3z.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gameenum.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gckernel.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\glu32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\guitrn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\guitrn_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\h323cc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\h3tvp7xr.zip Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hal.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halaacpi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halacpi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halapic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halmacpi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\halmps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hardware.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hbb5jlnb.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hccoin.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hdwwiz.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hh.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hh.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hiddigi.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidir.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidphone.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidserv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hidserv.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\howto.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hschelp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hscxpsp1.cab Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\htui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i2omgmt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i2omp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xnt5.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp0.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp1.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp2.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp3.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwfp4.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv0.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv1.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv2.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv3.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\i81xwtv4.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iac25_32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iasrad.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icaapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iccvid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icmp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iconlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ics.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwconn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwdial.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwdl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\icwutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\idq.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ie.inf Object is locked skipped
C:\WINDOWS
  • 0

#14
SHILORAVINN
Posted 27 March 2008 - 02:26 PM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieaccess.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieaksie.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iedkcs32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iepeers.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iernonce.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iesetup.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ieuinit.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iexplore.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ifmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iis.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ils.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imaadp32.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imapi.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imapi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imekr61.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imeshare.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imgutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjp81.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjp81k.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpcd.dic Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpcic.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpcus.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpdct.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpdct.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpdsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpinst.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjprw.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjputy.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imjputyc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\imm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ims.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ims.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetcfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetcpl.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetmib1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetpp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetppui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetpref.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\infrared.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\initpki.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.hlp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\input.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\inseng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\instcat.sql Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\intelide.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\intl.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\intl.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipconf.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipnat.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ippromon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0002.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0004.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0005.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0006.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0007.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0008.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0009.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0010.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0011.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0012.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0014.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_0016.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipp_util.inc Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsecconcepts.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsecsnp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsecsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipsmsnap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipv6.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipv6mon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir41_32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir41_qc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir41_qcx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir50_32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir50_qc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ir50_qcx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\irenum.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\irmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\isign32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\isrdbg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\itircl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\itircl.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\itss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\itss.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iuctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iuengine.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ivfsrc.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ixsso.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\iyuv_32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\joy.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\jscript.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\jsproxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\k779z1nl.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb821557.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb823182.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb823559.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb823980.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb824105.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb824141.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb824146.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb825119.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb828028.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb828035.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb828741.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb835732.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb837001.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb839643.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb839645.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb840315.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb840374.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb841873.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kb842773.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kd1394.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kerberos.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\keyboard.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\keymgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kmddsp.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kmixer.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\krnl386.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\krnlprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ks.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ks.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\kscaptur.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksecdd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksfilter.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksproxy.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksuser.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ksxbar.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\l37fj7xb.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\l3codeca.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\langbar.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\laprxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\layout.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lclmm.xml Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\licdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\license.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\licmgr10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\licwmi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lmhsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lmrt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\loadperf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\locale.nls Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\localsec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\localspl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\localui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\locator.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\log.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logagent.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logo.gif Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logon.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\logonui.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lpk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lprhelp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\lsass.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ltmdmnt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ltotape.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\luna.msstyles Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\luna.mst Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\m0s31zrv.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\machine.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\makecab.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mcastmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mchgr.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciavi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciqtz32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciseq.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mciwave.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mdac.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mdminst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mdmirmdm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\medctrro.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\memstpci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mf.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mfc42.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mfc42u.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mfcsubs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mgmtapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\micross.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\midimap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migapp.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migip.dun Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migism.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migism.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migism_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miglibnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migload.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migrate.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migsys.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miguser.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migwiz.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miniime.tpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\misc.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\miscp.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mlang.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmcbase.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmcndmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmcshext.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmfutil.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmsys.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mmsystem.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mnmdd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mobsync.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mode.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\modem.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\modemui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mofd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moricons.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moviemk.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\moviemk.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpe.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpg2splt.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpg4dmod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpg4ds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mplayer2.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mpr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mprapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msacm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadce.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcer.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcfr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadco.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcor.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadcs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadds.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msaddsr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msader15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado20.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado21.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado25.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msado26.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadomd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msador15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadox.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadp32.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msadrh15.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msafd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msapsspc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msaud32.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscandui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscms.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msconf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscpx32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mscpxl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msctf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msctfime.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msctfp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdadc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaenum.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaer.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaipp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaora.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaorar.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaosp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaprsr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaprst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdarem.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaremr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdart.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdart.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdasc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdasql.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdasqlr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdatl3.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdatsrc.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdatt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdaurl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdfmap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdmo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtclog.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdxm.ocx.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msdxmlc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msexch40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msftedit.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgina.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgpc.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgr3en.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgrocm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgsc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgsc.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgslang.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgslang.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msh261.drv Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msh263.drv Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshdc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshta.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtml.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtml.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtmled.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mshtmler.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msident.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msidle.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msieftp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msihnd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimain.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimg32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimn.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimn.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimsg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msimtf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msinfo.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msinfo32.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msisip.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjet40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjro.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mskssrv.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mslbui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msltus40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mslwvtts.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnetmtg.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnetobj.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnmsn.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msnsspc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobcomm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobdl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobe.isp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobmain.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobshel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobshel.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msobweb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoe.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoe.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoe.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoe50.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoeacct.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoeacct.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoeres.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoert2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msoert2.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msorc32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msorcl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspatcha.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspmsp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mspmspsv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msprivs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrating.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrd2x40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrdp.cab Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrdp.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrepl40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msrle32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mssap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msscds32.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msscp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msscript.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mst120.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mst123.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstape.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstask.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstask.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstask.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstee.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstext40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstlsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstsc.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstscax.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mstsweb.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msutb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msv1_0.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvbvm60.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcirt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcp60.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcrt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvcrt40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvfw32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msvidctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msw3prt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswebdvd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswmdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxactps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxbde40.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxml2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msxml3.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\msyuv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\muisetup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\multimed.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mup.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mutohpen.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mydocs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\mymusic.inf Object is locked skipped
  • 0

#15
SHILORAVINN
Posted 27 March 2008 - 02:27 PM

SHILORAVINN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
C:\WINDOWS\$NtServicePackUninstall$\nabtsfec.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nac.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ncobjapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ncprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nddeapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nddeapir.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nddenb32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndisip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndisnpp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndiswan.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ndptsp.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\net.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\net1.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netac300.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netapi32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netbeac.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netbios.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netcfg.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netcfgx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netdde.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netip6.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netman.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netmeet.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netmscli.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netoc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netoc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netplwiz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netrap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netrass.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netrtsnt.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netsh.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netstat.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nettcpip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nettun.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netui0.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netui1.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netupnph.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\network.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\netwzc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\newdev.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nic1394.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nlhtml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmas.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmasnt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmchat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmft.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmmkcert.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmnt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmoldwb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nmwb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\notepad.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npdrmv2.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npdsplay.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npptools.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\npwmsdrm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nt5.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nt5inf.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntchowto.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdef.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdetect.com Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntdsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntevt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio404.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio411.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio412.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntio804.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlmp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlmp.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrpamp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrpamp.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntlanman.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntldr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntlsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmarta.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmsapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmsdba.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmsmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntoc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntprint.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntprint.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntprint.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntshrui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nusrmgr.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nusrmgr.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nv4_disp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nv4_disp.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nv4_mini.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nvct.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nvdm.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nvts.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nwlnkipx.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oakley.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\obeip.dun Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\objsel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\occache.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ocgen.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ocmsn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbc32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbc32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbc32gt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcbcp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcbcp.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcconf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcconf.rsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccp32.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccp32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccp32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccr32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbccu32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcint.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcji32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcjt32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbcp32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odbctrac.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oddbse32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odexl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odfox32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odpdx32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\odtext32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oeaccess.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oeimport.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oemiglib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\offfilt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ohci1394.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ole32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oleaut32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oledb32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oledb32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oledb32r.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oleprn.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\olepro32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oobe.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oobeutil.js Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\opengl32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\oschoice.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osk.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osk.exe.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osloader.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osloader.ntd Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\osuninst.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\p3.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\packager.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\page1.asp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\parport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\password.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pautoenr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pchealth.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pchshell.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pchsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pciidex.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pcmcia.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pdh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfctrs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfdisk.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfos.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perfproc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm2.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm2dll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm3.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\perm3dd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\phon.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\phone.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\photowiz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pid.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pidgen.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pinball.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ping.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pintlgnt.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pjlmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\plyr_err.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pngfilt.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pnpscsi.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\polstore.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\portcls.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\powercfg.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\powrprof.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ppa3.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\printing.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\printui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\processr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\proctexe.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\profmap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\progman.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\proquota.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\provthrd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ps5ui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\psapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\psbase.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\psched.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pscript5.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pstorec.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\pstorsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ptpusd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q323255.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q328310.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q329048.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q329115.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q329170.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q329390.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q329441.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q329834.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q331953.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q810565.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q810577.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q810833.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q811493.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q811630.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q814033.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q815021.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q817287.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q817606.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\q819696.cat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qasf.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qcap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qdv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qdvd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qedit.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qedwipes.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qfx3tf3p.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgr.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgrprxy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qmgrprxy.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\quartz.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\quartz.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\query.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\quick.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\racpldlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ramdisk.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ramdisk.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasadhlp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasauto.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\raschap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasdlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasl2tp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasman.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasmans.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rasppp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\raspppoe.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rassapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rastapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rastls.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rcbdyctl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rcp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdbss.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdchost.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpdd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpdr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpsnd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdpwsx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\redbook.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\redir.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\reg.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regopt.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\regwizc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\related.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\remasst.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\remotepg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\remotesp.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\repdrvfs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\resutils.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rexec.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\riched20.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rndismp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\romanime.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rrcm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rsaenh.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rsh.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rshx32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rsmps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtcimsp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtipxmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rtutils.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\runonce.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\s3nb.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safemode.htt Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_better.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_easier.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_faster.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safe_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safrcdlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safrdm.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\safrslv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\samlib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\samsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sapi.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\savedump.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sbe.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sbeio.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sblbh7bx.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sbp2port.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scarddlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sccsccp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sceregvl.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scesrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\schannel.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sclgntfy.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\script.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\script_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrobj.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scrrun.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scsi.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\scsiport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\seclogon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secrecs.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secupd.dat Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secupd.sig Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\secur32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\security.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sendcmsg.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sendcmsg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sendmail.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sens.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sensapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\serial.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\servdeps.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\services.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sethc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setup.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setup50.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setupapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setupqry.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\setup_wm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfc_os.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shdoclc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shdocvw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shdocvw.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shell.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shell32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shfolder.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shgina.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shimeng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shimgvw.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shlwapi.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shl_img.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shscrap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shtml.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shtml.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sigtab.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\simpdata.tlb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sisagp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\skeys.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\skins.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slayerxp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slbcsp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slbiop.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\slip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sl_anet.acm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smartcrd.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smbali.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smbbatt.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smbclass.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smlogcfg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smss.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\smtpsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sniffpol.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmp.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpcl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpincl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpsmir.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpsnap.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\snmpthrd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\softkbd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sonydcam.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sortkey.nls Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sorttbls.nls Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spgrmr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spider.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\splitter.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spoolss.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sptip.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqloledb.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqloledb.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqloledb.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlsrv32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlsrv32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlsrv32.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlunirl.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlxmlx.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sqlxmlx.rll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sr.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srchctls.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srchui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srclient.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srv.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\srvsvc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sr_ui.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssdpapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sstub.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_control.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_desktop.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_ending.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_files.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_icons.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_menu.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_taskbar.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\start_windows.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stdprov.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sti.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stimon.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sti_ci.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stobject.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\storprop.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stream.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\streamip.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\strmdll.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stub_fpsrvadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\stub_fpsrvwin.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\swflash.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\swflash.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sxs.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\synceng.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\syncui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysdm.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysfiles.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmain.sdb.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmod.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmod_a.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysmon.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysoc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sysrestore.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\syssetup.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\syssetup.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\sys_srv.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\t2embed.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tahoma.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tahomabd.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tape.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tape.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tapi3.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tapi32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmon.ini Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcpmonui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tcptsat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdc.ocx Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdi.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\telnet.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\termdd.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\termmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tffsport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\themeui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\timedate.cpl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\times.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\timesbd.ttf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tintlgnt.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tip.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tracert.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\triedit.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\trkwks.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.mfl Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.mof Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tscupgrd.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsddd.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tshoot.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsoc.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsoc.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tsweb1.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\tunmp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\twain_32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\udfs.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\udhisapi.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ulib.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\umandlg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\umpnpmgr.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unicdime.ime Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unidrv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unidrvui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uniime.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unimdm.tsp Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unimdmat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uniplat.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unires.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_built.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_fr.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_optimized.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unlock_playing.htm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\unregmp2.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\untfs.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\update.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnp.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\upnpui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ups.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\url.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usb8023.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbaudio.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbccgp.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbehci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbhub.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbintel.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbmon.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbohci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbport.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbport.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usbui.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\user32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\user32.dll.000 Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\useract.chm Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\userenv.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usmtdef.inf Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\usp10.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\utilman.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbisurf.ax Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vbscript.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vdmdbg.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vdmredir.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\version.dll Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\vfwwdm32.dll Object is locked skipped
C:\WINDOWS\$NtServicePackU
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP