-----------------------
ComboFix 08-05-01.1 - Administrator 05/02/2008 23:43:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.286 [GMT 7:00]
Running from: E:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 16:41 --------- d-----w E:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-02 16:39 --------- d-----w E:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-02 16:39 --------- d-----w E:\Documents and Settings\Administrator\Application Data\IDM
2008-05-02 16:39 --------- d-----w E:\Documents and Settings\Administrator\Application Data\ESET
2008-05-02 16:39 --------- d-----w E:\Documents and Settings\Administrator\Application Data\EAST Technologies
2008-05-02 16:38 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-05-02 16:38 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-05-02 16:38 --------- d-----w E:\Documents and Settings\Administrator\Application Data\Malwarebytes(2)
2008-05-02 16:38 --------- d-----w E:\Documents and Settings\Administrator\Application Data\Macromedia(2)
2008-05-02 16:38 --------- d-----w E:\Documents and Settings\Administrator\Application Data\Google(2)
2008-05-02 16:38 --------- d-----w E:\Documents and Settings\Administrator\Application Data\EAST Technologies(2)
2008-05-02 16:38 --------- d-----w E:\Documents and Settings\Administrator\Application Data\Adobe(2)
2008-05-02 12:42 --------- d-----w E:\Program Files\Trojan Remover
2008-05-02 09:48 --------- d-----w E:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 09:48 --------- d-----w E:\Program Files\Common Files\Download Manager
2008-05-02 09:48 --------- d-----w E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 06:06 --------- d-----w E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-02 05:05 --------- d-----w E:\Program Files\Trend Micro
2008-05-02 01:13 499,712 ----a-w E:\WINDOWS\system32\msvcp71.dll
2008-05-02 01:13 348,160 ----a-w E:\WINDOWS\system32\msvcr71.dll
2008-05-02 01:13 --------- d-----w E:\Program Files\Common Files\xing shared
2008-05-02 01:13 --------- d-----w E:\Program Files\Common Files\Real
2008-05-01 15:39 --------- d-----w E:\Program Files\East-Tec Eraser 2006
2008-05-01 15:21 --------- d-----w E:\Program Files\Real
2008-05-01 15:11 --------- d-----w E:\Program Files\Internet Download Manager
2008-05-01 15:06 --------- d-----w E:\Program Files\IncrediMail
2008-05-01 14:57 --------- d-----w E:\Program Files\Microsoft.NET
2008-05-01 14:57 --------- d-----w E:\Program Files\Microsoft ActiveSync
2008-05-01 14:51 --------- d-----w E:\Program Files\Ahead
2008-05-01 14:50 --------- d-----w E:\Program Files\Common Files\Nero
2008-05-01 14:48 --------- d-----w E:\Program Files\Common Files\Ahead
2008-05-01 14:48 --------- d-----w E:\Documents and Settings\All Users\Application Data\Ahead
2008-05-01 14:40 --------- d-----w E:\Program Files\Common Files\Adobe
2008-05-01 14:39 --------- d-----w E:\Program Files\Windows Live
2008-05-01 14:30 --------- d-----w E:\Program Files\Ashampoo
2008-05-01 14:29 484,352 --sh--w E:\Program Files\Common Files\mscom.dll
2008-05-01 14:29 259,072 --sh--w E:\Program Files\Common Files\mscome.exe
2008-05-01 14:29 20,480 --sh--w E:\Program Files\Common Files\smsse.exe
2008-05-01 14:23 --------- d-----w E:\Documents and Settings\All Users\Application Data\ESET
2008-05-01 14:06 --------- d-----w E:\Program Files\Java
2008-05-01 14:06 --------- d-----w E:\Program Files\Common Files\Java
2008-05-01 14:02 --------- d-----w E:\Program Files\CPE17
2008-05-01 13:47 --------- d-----w E:\Program Files\Viewpoint
2008-05-01 13:46 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-05-01 10:36 --------- d-----w E:\Program Files\ESET
2008-05-01 06:37 --------- d-----w E:\Program Files\Google
2008-03-13 20:52 71,176 ----a-w E:\WINDOWS\system32\drivers\epfw.sys
2008-03-13 20:52 54,280 ----a-w E:\WINDOWS\system32\drivers\epfwtdi.sys
2008-03-13 20:52 30,728 ----a-w E:\WINDOWS\system32\drivers\epfwndis.sys
2008-03-13 20:44 29,704 ----a-w E:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 20:43 40,456 ----a-w E:\WINDOWS\system32\drivers\eamon.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="E:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [11/27/2007 11:18 PM 5724184]
"IncrediMail"="E:\Program Files\IncrediMail\bin\IncMail.exe" [05/01/2008 10:08 PM 200747]
"IDMan"="E:\Program Files\Internet Download Manager\IDMan.exe" [02/03/2006 11:09 PM 831488]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:56 AM 15360]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/01/2008 01:37 PM 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [02/19/2007 05:37 AM 61952 E:\WINDOWS\system32\HDAShCut.exe]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [12/19/2005 12:44 PM 7331840]
"nwiz"="nwiz.exe" [12/19/2005 12:44 PM 1519616 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [12/19/2005 12:44 PM 86016]
"protect_autorun"="E:\Program Files\CPE17\cpe17antiautorun1325.exe" [02/15/2008 09:26 AM 139264]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 02:42 PM 144784]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 PM 155648]
"IMJPMIG8.1"="E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/19/2007 05:39 AM 208952]
"MSPY2002"="E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:31 AM 59392]
"PHIME2002ASync"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:32 AM 455168]
"PHIME2002A"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:32 AM 455168]
"egui"="E:\Program Files\ESET\ESET Smart Security\egui.exe" [03/14/2008 03:48 AM 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [08/14/2007 05:39 AM 123904 E:\WINDOWS\system32\advpack.dll]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"E:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"E:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F62g62BC-4266-43f0-B6ED-9D76C4202C7E}]
E:\Program Files\Common Files\mscome.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 23:43:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 05/02/2008 23:45:13
ComboFix-quarantined-files.txt 2008-05-02 16:44:57
ComboFix2.txt 2008-05-02 16:08:36
Pre-Run: 33,919,447,040 bytes free
Post-Run: 33,911,427,072 bytes free
121
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Now the log of the things moved to Deckard's backup (where the bot reproduced some stuff too!)
Directories/Files moved to E:\Deckard\System Scanner\backup
2008-05-02 09:22:05 12818 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\control.xml
2001-11-05 20:30:50 165376 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB1A2B.EXE
2008-05-01 13:47:45 0 d-------- E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar
2008-05-01 13:37:58 848 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GoogleToolbarInstaller1.log
2008-05-01 13:37:58 139988 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GoogleToolbarInstaller2.log
2001-09-05 17:24:02 344923 -ra------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IEC76.tmp
2008-05-02 08:29:52 1994 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT9790.xml
2008-05-02 08:29:52 426 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT9791.xml
2008-05-02 08:29:53 707348 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT9792.xml
2008-05-02 08:30:39 1994 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT979D.xml
2008-05-02 08:30:39 426 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT979E.xml
2008-05-02 08:30:39 707348 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT979F.xml
2008-05-02 08:30:39 1994 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97A0.xml
2008-05-02 08:30:39 426 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97A1.xml
2008-05-02 08:30:39 707348 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97A2.xml
2008-05-02 08:32:04 1994 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97AD.xml
2008-05-02 08:32:04 426 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97AE.xml
2008-05-02 08:32:04 707348 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97AF.xml
2008-05-02 08:32:04 1994 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B0.xml
2008-05-02 08:32:04 426 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B1.xml
2008-05-02 08:32:05 707348 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B2.xml
2008-05-02 08:32:17 1994 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B3.xml
2008-05-02 08:32:18 426 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B4.xml
2008-05-02 08:32:18 707348 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B5.xml
2008-05-02 08:32:18 1994 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B6.xml
2008-05-02 08:32:18 426 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B7.xml
2008-05-02 08:32:18 707348 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IMT97B8.xml
2008-05-02 09:41:38 0 d-------- E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IncrediMail
2008-05-02 11:01:16 360 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jusched.log
2008-05-01 14:03:14 0 d-------- E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache
2008-05-01 15:48:14 917504 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MFPL7014.DLL <Not Verified; Macromedia, Inc.; Shockwave Flash>
2008-05-01 15:32:46 0 d-------- E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OHotfix
2008-05-01 13:29:56 0 d-------- E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\outlook logging
2007-02-19 05:40:13 819200 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\setup_wm.exe <Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-05-01 13:47:59 308780 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp0.exe <Not Verified; RealNetworks, Inc.; RealNetworks Installer (32-bit)>
2008-05-01 13:55:20 308780 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp1.exe <Not Verified; RealNetworks, Inc.; RealNetworks Installer (32-bit)>
2008-05-01 14:03:32 46021 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR6B.tmp
2008-05-01 14:03:32 46660 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR6C.tmp
2008-05-01 14:03:32 59218 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR71.tmp
2008-05-01 14:03:32 21122 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR75.tmp
2008-05-01 14:03:32 67994 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR79.tmp
2008-05-01 14:03:32 62753 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR7D.tmp
2008-05-01 14:03:32 23262 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR81.tmp
2008-05-01 14:03:32 23427 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFR85.tmp
2008-05-01 14:10:43 36182 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFRC1.tmp
2008-05-01 14:10:43 28671 --a-----t E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TFRC2.tmp
2008-05-02 09:22:51 803998 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmp11AU.cab
2008-05-02 09:36:56 13762 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmsetup.log
2008-05-02 10:56:19 0 d-------- E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPDNSE
2004-06-27 11:00:00 77257 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp <Not Verified; ; Inno Setup>
2008-05-02 10:07:54 7269 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~WRD0000.doc
2008-05-02 10:22:36 37376 --a------ E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~WRS0001.tmp
2008-05-01 13:47:13 2333 --a------ E:\WINDOWS\temp\HTT127.tmp
2008-05-01 14:00:24 3797788 --a------ E:\WINDOWS\temp\HTT17.tmp
2008-05-01 16:42:41 5161 --a------ E:\WINDOWS\temp\HTT1F4.tmp
2008-05-01 13:47:13 2500 --a------ E:\WINDOWS\temp\HTT26.tmp
2008-05-01 16:42:41 1614 --a------ E:\WINDOWS\temp\HTT51C.tmp
2008-05-01 13:54:40 4001 --a------ E:\WINDOWS\temp\HTT6.tmp
2008-05-01 16:42:41 2398 --a------ E:\WINDOWS\temp\HTT679.tmp
2008-05-01 16:01:29 7969 --a------ E:\WINDOWS\temp\HTT67A.tmp
2008-05-01 13:54:40 5117411 --a------ E:\WINDOWS\temp\HTT9.tmp
-*- End of Logfile -*-
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Lastly, Kaspersky's last log, from before I tried to get rid of it myself (but to no avail!)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 02, 2008 7:57:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/05/2008
Kaspersky Anti-Virus database records: 735377
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 48081
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:47:41
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2961F562-8920-4D02-86D4-D9DB6389A0EE}\RP19\change.log Object is locked skipped
E:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
E:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008050220080503\index.dat Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\Temp\~DFACEB.tmp Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\Temp\~DFACF8.tmp Object is locked skipped
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
E:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\Administrator\NTUSER.DAT.LOG Object is locked skipped
E:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
E:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
E:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
E:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
E:\Program Files\Common Files\mscom.dll Infected: Backdoor.Win32.Delf.dpx skipped
E:\Program Files\Common Files\mscome.exe Infected: Backdoor.Win32.Delf.dpz skipped
E:\Program Files\Common Files\smsse.exe Infected: Backdoor.Win32.Delf.dqa skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{2961F562-8920-4D02-86D4-D9DB6389A0EE}\RP17\A0002483.exe Infected: Backdoor.Win32.Delf.dpz skipped
E:\System Volume Information\_restore{2961F562-8920-4D02-86D4-D9DB6389A0EE}\RP19\change.log Object is locked skipped
E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
E:\WINDOWS\SchedLgU.Txt Object is locked skipped
E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\default Object is locked skipped
E:\WINDOWS\system32\config\default.LOG Object is locked skipped
E:\WINDOWS\system32\config\Internet.evt Object is locked skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\SECURITY Object is locked skipped
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
E:\WINDOWS\system32\config\software Object is locked skipped
E:\WINDOWS\system32\config\software.LOG Object is locked skipped
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\system Object is locked skipped
E:\WINDOWS\system32\config\system.LOG Object is locked skipped
E:\WINDOWS\system32\h323log.txt Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
Scan process completed.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Please help. Thank you in advance.
dullajit from Thailand