Registered
Joined
·
190 Posts
Discussion Starter · #1 ·
I got hit hard by a win 32 parite virus. It pretty much ruined a lot of my software (large majority of any .exe files). I downloaded AVG and it cleaned up some of the virus. I didn't have much that I couldn't replace on the computer so I just deleted all the stuff I could no longer open because the .exe files were done.

So now everything seems fine except for one big problem: I can't download anything!

When I try to download something I get the following message:
" C:\.....Temporary Internet Files\...."
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Even though this profile is the only one on the computer and has administrative rights.

Active scan:

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx


Hijack Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:33:39 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [P2kAutostart] F:\Documents and Settings\Alvarado Family\My Documents\V3\p2k-commander 3.3.0 Beta\P2kAutostart.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD7D5591-075A-442C-A290-FDDC294EEB7A}: NameServer = 192.168.1.1,192.168.1.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe

Thank you.
 

·
Registered
Joined
·
190 Posts
Discussion Starter · #2 ·
Update: this should save some time and confusion. I figured out the reason I couldn't download anything was because winrar wasn't on my system and I associated those file types with it. I copied it on a CD and brought it over. All seems to be good.

So that's one major problem down and out of the way.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello em1,

I'd still like to give this system a good cleaning.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Also please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Kaspersky results
New HijackThis log
 

·
Registered
Joined
·
190 Posts
Discussion Starter · #4 ·
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:51:35 PM 1/11/2007

+ Scan result:



Nothing found.


::Report end


=====================================================
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 11, 2007 11:01:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/01/2007
Kaspersky Anti-Virus database records: 257877
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 74348
Number of viruses found: 2
Number of infected objects: 19 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:35:04

Infected Object Name / Virus Name / Last Action
C:\Config.Msi\34f93.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\34f9b.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\398172.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\398173.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b27.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b2b.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b2e.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b45.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b4c.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b50.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b51.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b57.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b5f.rbf Infected: Virus.Win32.Parite.b skipped
C:\Config.Msi\3af7b64.rbf Infected: Virus.Win32.Parite.b skipped
C:\Program Files\Bear Share\Installer\BSINSTALL.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\Bear Share\Installer\BSINSTALL.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\Bear Share\Installer\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\Bear Share\Installer\BSINSTALL.exe WiseSFX: infected - 3 skipped
C:\Program Files\Bear Share\Installer\BSINSTALL.exe WiseSFX Dropper: infected - 3 skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\FileCD\FileCD.exe Object is locked skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\JCMKR32.exe Object is locked skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\LogFileViewer.exe Object is locked skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\NDVD9To5.exe Object is locked skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\NMPlay70.exe Object is locked skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe Object is locked skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Play.exe Object is locked skipped
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\WvEdit32.exe Object is locked skipped
C:\Program Files\Plextor\PXAV100U\DirectX\DirectX9\dxsetup.exe Object is locked skipped
C:\Program Files\Plextor\PXAV100U\EM\EMClear-All.exe Object is locked skipped
C:\Program Files\Plextor\PXAV100U\EM\EMClear.exe Object is locked skipped
C:\Program Files\Plextor\PXAV100U\EM\HOST.EXE Object is locked skipped
C:\Program Files\QuickTime\PictureViewer.exe Object is locked skipped
C:\Program Files\QuickTime\QTInfo.exe Object is locked skipped
C:\Program Files\QuickTime\QTSystem\ExportController.exe Object is locked skipped
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Object is locked skipped
C:\Program Files\QuickTime\qttask.exe Object is locked skipped
C:\Program Files\QuickTime\QuickTimePlayer.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\Alcmtr.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\AlcWzrd.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\ChCfg.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\KB888111xpsp2.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\MicCal.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\RTHDCPL.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\RTLCPL.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\RtlUpd.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\SkyTel.exe Object is locked skipped
C:\Program Files\Realtek\InstallShield\SoundMan.exe Object is locked skipped
C:\Program Files\TVUPlayer\AutoUpgrade.exe Object is locked skipped
C:\Program Files\TVUPlayer\TVUPlayer.exe Object is locked skipped
C:\Program Files\TVUPlayer\TVUPlayer2.3.0.exe Object is locked skipped
C:\Program Files\TVUPlayer\uninst.exe Object is locked skipped
C:\Program Files\Windows Media Connect 2\wmccds.exe Object is locked skipped
C:\Program Files\Windows Media Connect 2\WMCCFG.exe Object is locked skipped
C:\Program Files\Windows Media Player\wmlaunch.exe Object is locked skipped
C:\Program Files\Windows Media Player\wmpenc.exe Object is locked skipped
C:\Program Files\Windows Media Player\wmsetsdk.exe Object is locked skipped
C:\Program Files\Windows NT\hypertrm.exe Object is locked skipped
C:\Program Files\Windows Plus\Audio Converter\AudioConverter.exe Object is locked skipped
C:\Program Files\Windows Plus\CDLM\CDLM.exe Object is locked skipped
C:\Program Files\Windows Plus\Dancer\Dancer.exe Object is locked skipped
C:\Program Files\Windows Plus\Party Mode\PartyMode.exe Object is locked skipped
C:\Program Files\WinRAR\RarExtLoader1.exe Object is locked skipped
C:\Program Files\XBCD\uninst.exe Object is locked skipped
C:\Program Files\Xvid\AviC.exe Object is locked skipped
C:\Program Files\Xvid\MiniCalc.exe Object is locked skipped
C:\Program Files\Xvid\OGMCalc.exe Object is locked skipped
C:\Program Files\Xvid\StatsReader.exe Object is locked skipped
C:\Program Files\Xvid\unins000.exe Object is locked skipped
C:\Program Files\Xvid\vidccleaner.exe Object is locked skipped
C:\SUPPORT\TOOLS\ACT20.EXE Object is locked skipped
C:\SUPPORT\TOOLS\FASTWIZ.EXE Object is locked skipped
C:\SUPPORT\TOOLS\GBUNICNV.EXE Object is locked skipped
C:\SUPPORT\TOOLS\MSRDPCLI.EXE Object is locked skipped
C:\VALUEADD\3RDPARTY\MGMT\CITRIX\ICA32.EXE Object is locked skipped
C:\VALUEADD\MSFT\MGMT\IAS\IASNT4.EXE Object is locked skipped
C:\VALUEADD\MSFT\MGMT\PBA\PBAINST.EXE Object is locked skipped
C:\VALUEADD\MSFT\NET\TOOLS\TTCP.EXE Object is locked skipped
C:\VALUEADD\MSFT\USMT\ANSI\SCANST~1.EXE Object is locked skipped
C:\VALUEADD\MSFT\USMT\LOADST~1.EXE Object is locked skipped
C:\VALUEADD\MSFT\USMT\SCANST~1.EXE Object is locked skipped
C:\VALUEADD\MSFT\USMT\SCANST~2.EXE Object is locked skipped
C:\WINDOWS\$hf_mig$\KB867282\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB867282\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB873333\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB873333\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB883939\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB883939\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB885250\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB888113\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890047\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890047\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890175\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890175\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890923\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890923\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB893086\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB893086\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896422\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896422\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896424\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896424\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896727\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896727\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB896727\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899588\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899588\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899588\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899589\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899589\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899589\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB901190\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB901190\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB904706\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905915\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB905915\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911567\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911567\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB912919\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB913446\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB913446\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB917422\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB917422\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB917953\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920214\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920214\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB922582\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB922616\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB922616\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB923694\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB923694\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB924191\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB924191\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe Object is locked skipped
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890046_0$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB898444$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB900325$\ehrecvr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB900325$\mcrmgr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB900325$\sbeserver.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB900325$\sonicmmburnengine.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB904706_0$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB905589$\mcrmgr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB908531$\verclsid.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB908531_0$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB914548$\ehrecvr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\Alaunch.exe Object is locked skipped
C:\WINDOWS\Alcmtr.exe Object is locked skipped
C:\WINDOWS\alcwzrd.exe Object is locked skipped
C:\WINDOWS\AMove.exe Object is locked skipped
C:\WINDOWS\APanel.exe Object is locked skipped
C:\WINDOWS\Clearlnk.exe Object is locked skipped
C:\WINDOWS\commercial.scr Object is locked skipped
C:\WINDOWS\comsummer.scr Object is locked skipped
C:\WINDOWS\CreateLnk.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\dwusplay.exe Object is locked skipped
C:\WINDOWS\ehome\CreateDisc\pxhpinst.exe Object is locked skipped
C:\WINDOWS\ehome\CreateDisc\PxShare.exe Object is locked skipped
C:\WINDOWS\ehome\CreateDisc\SBEServer.exe Object is locked skipped
C:\WINDOWS\ehome\CreateDisc\SonicMMBurnEngine.exe Object is locked skipped
C:\WINDOWS\ehome\dw15.exe Object is locked skipped
C:\WINDOWS\ehome\ehHelp\tenfoothelp.exe Object is locked skipped
C:\WINDOWS\ehome\ehHelp1\tenfoothelp.exe Object is locked skipped
C:\WINDOWS\ehome\EhMCXIns.exe Object is locked skipped
C:\WINDOWS\ehome\McrdWmp.exe Object is locked skipped
C:\WINDOWS\ehome\mcrmgr.exe Object is locked skipped
C:\WINDOWS\ehome\WtDmpRep.exe Object is locked skipped
C:\WINDOWS\ehome\XBOXMCE05LITE.EXE Object is locked skipped
C:\WINDOWS\ie7\spuninst\ieResetIcons.exe Object is locked skipped
C:\WINDOWS\ie7\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\Installer\{4AD13F68-CADA-4C6B-9759-C33753F89908}\NewShortcut1_4AD13F68CADA4C6B9759C33753F89908.exe Object is locked skipped
C:\WINDOWS\Installer\{D755C7A3-C03E-4460-8C00-AC6E55505FB5}\NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe Object is locked skipped
C:\WINDOWS\Installer\{D755C7A3-C03E-4460-8C00-AC6E55505FB5}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe Object is locked skipped
C:\WINDOWS\kb913800.exe Object is locked skipped
C:\WINDOWS\MicCal.exe Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Copy2Gac.exe Object is locked skipped

Scan process completed.


====================================================

Logfile of HijackThis v1.99.1
Scan saved at 11:02:15 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [P2kAutostart] F:\Documents and Settings\Alvarado Family\My Documents\V3\p2k-commander 3.3.0 Beta\P2kAutostart.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD7D5591-075A-442C-A290-FDDC294EEB7A}: NameServer = 192.168.1.1,192.168.1.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
 

TSF Security Manager, Emeritus · 42,836 Posts
Hello em1,

I'm seeing Parite infected files. Panda has been doing a good job cleaning these without 'trashing' the file itself. Let's see if it can take care of these for us.


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


-------------------------------------

Next, please download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Please include the following in your next reply:

Panda results
ComboFix.txt
 

Registered · 190 Posts · Discussion Starter · #6
When I ran ActiveScan it found 14 infected files but didn't prompt me for anything; it just disinfected them.
---------------------------


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\FamilyCPU\Cookies\[email protected][1].txt
------------
"FamilyCPU" - 07-01-13 22:25:19 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\FamilyCPU\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))


2007-01-13 03:00 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-13 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 21:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-11 19:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-10 21:58 <DIR> d-------- C:\Program Files\Bear Share
2007-01-10 20:29 218,112 --a------ C:\Program Files\HijackThis.exe
2007-01-09 23:13 <DIR> d-------- C:\DOCUME~1\FAMILY~1\.housecall6.6
2007-01-08 23:57 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-08 23:55 <DIR> d-------- C:\Program Files\Common Files\Real
2007-01-08 23:54 <DIR> d-------- C:\Program Files\Real
2007-01-08 23:50 <DIR> d-------- C:\My Downloads
2007-01-08 23:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-01-08 23:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-08 23:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-08 22:57 701,914 --a------ C:\WINDOWS\Alaunch.exe
2007-01-08 22:57 247,258 --a------ C:\WINDOWS\Alcmtr.exe
2007-01-08 22:57 1,697,244 --a------ C:\WINDOWS\system32\nwiz.exe
2007-01-08 21:55 <DIR> d-------- C:\DOCUME~1\FAMILY~1\Application Data\BullGuard
2007-01-08 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\BullGuard
2007-01-08 21:54 47,056 --a------ C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-01-08 21:54 <DIR> d-------- C:\Program Files\BullGuard Software
2007-01-08 21:27 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-08 21:21 <DIR> d-------- C:\DOCUME~1\FAMILY~1\Application Data\AVG7
2007-01-08 21:18 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-08 21:18 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-08 21:18 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-08 21:18 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-08 21:18 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-08 21:18 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-08 21:18 <DIR> d-------- C:\Program Files\Grisoft
2007-01-08 21:18 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-08 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-08 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-07 16:58 <DIR> d-------- C:\DOCUME~1\FAMILY~1\Application Data\Ahead
2007-01-07 16:55 <DIR> d-------- C:\Program Files\Nero
2007-01-07 16:55 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-01 13:20 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-01 13:20 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-01-01 12:54 <DIR> d-------- C:\Program Files\XBCD
2006-12-31 18:34 <DIR> d-------- C:\WINDOWS\system32\ageia
2006-12-30 19:27 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-12-30 19:27 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-12-30 19:27 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-12-30 19:27 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-12-30 19:27 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-12-30 19:27 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-12-30 19:27 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-12-30 19:27 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-12-30 10:28 86,016 --a------ C:\WINDOWS\system32\ma_cmidn.dll
2006-12-30 10:28 21,888 --a------ C:\WINDOWS\system32\drivers\ma_cmidi.sys
2006-12-30 07:59 <DIR> d-------- C:\DOCUME~1\FAMILY~1\Application Data\Sonic Foundry
2006-12-30 07:59 <DIR> d-------- C:\DOCUME~1\FAMILY~1\Application Data\Publish Providers
2006-12-30 07:59 <DIR> d-------- C:\DOCUME~1\FAMILY~1\Application Data\NetMedia Providers
2006-12-30 07:56 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2006-12-30 07:56 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-12-30 07:56 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-12-30 07:56 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2006-12-29 00:17 <DIR> d-------- C:\Program Files\M-Audio
2006-12-29 00:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield
2006-12-26 18:30 <DIR> d-------- C:\DOCUME~1\FAMILY~1\Application Data\Ableton
2006-12-26 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Ableton
2006-12-26 18:28 <DIR> d-------- C:\Program Files\Ableton
2006-12-25 21:29 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-25 21:11 <DIR> dr-h----- C:\DOCUME~1\FAMILY~1\Application Data\SecuROM
2006-12-25 21:09 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-25 21:09 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-25 21:09 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-25 21:09 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-25 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2006-12-25 16:22 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-12-25 16:14 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-25 14:23 <DIR> d-------- C:\Program Files\Paint.NET
2006-12-23 11:54 <DIR> d-------- C:\Program Files\mobile PhoneTools
2006-12-23 11:54 <DIR> d-------- C:\Program Files\LiveUpdate
2006-12-23 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\BVRP Software
2006-12-23 07:26 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2006-12-21 20:32 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-21 20:32 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-16 16:30 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-16 16:30 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-16 16:30 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-16 16:30 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-16 16:30 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-16 16:30 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-16 16:30 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-16 16:30 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-16 16:10 9,736 --a------ C:\WINDOWS\system32\emUSD.dll
2006-12-16 16:10 5,246 --a------ C:\WINDOWS\system32\drivers\emFilter.sys
2006-12-16 16:10 45,056 --a------ C:\WINDOWS\system32\emVFW.dll
2006-12-16 16:10 4,522 --a------ C:\WINDOWS\system32\drivers\emScan.sys
2006-12-16 16:10 24,270 --a------ C:\WINDOWS\system32\drivers\emStream.sys
2006-12-16 16:10 20,224 --a------ C:\WINDOWS\system32\drivers\emAudio.sys
2006-12-16 16:10 17,808 --a------ C:\WINDOWS\system32\emYUV.dll
2006-12-16 16:10 104,270 --a------ C:\WINDOWS\system32\drivers\emDevice.sys
2006-12-16 16:10 <DIR> d-------- C:\Program Files\Plextor


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-13 18:25 -------- d-------- C:\Program Files\microsoft activesync
2007-01-11 23:02 8564 --a------ C:\Program Files\hijackthis.log
2007-01-09 20:53 -------- d-------- C:\Program Files\itunes
2007-01-09 20:34 737280 --a------ C:\WINDOWS\iun6002.exe
2007-01-09 20:34 -------- d-------- C:\Program Files\codec pack - all in 1
2007-01-09 20:12 -------- d-------- C:\Program Files\windows media connect 2
2007-01-08 23:58 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\real
2007-01-08 22:57 -------- d-------- C:\Program Files\quicktime
2007-01-08 22:56 -------- d-------- C:\Program Files\xvid
2007-01-08 22:56 -------- d-------- C:\Program Files\tvuplayer
2007-01-08 22:56 -------- d-------- C:\Program Files\messenger
2007-01-08 22:56 -------- d-------- C:\Program Files\comsummer
2007-01-08 12:58 -------- d---s---- C:\DOCUME~1\FAMILY~1\Application Data\microsoft
2007-01-06 15:02 41408 --a------ C:\DOCUME~1\FAMILY~1\Application Data\gdipfontcachev1.dat
2007-01-02 11:12 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\apple computer
2007-01-01 12:25 -------- d--h----- C:\Program Files\installshield installation information
2006-12-29 16:59 -------- d-------- C:\Program Files\vstplugins
2006-12-29 14:01 -------- d-------- C:\Program Files\image-line
2006-12-29 00:17 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-21 20:34 2508 --a------ C:\DOCUME~1\FAMILY~1\Application Data\$_hpcst$.hpc
2006-12-11 19:24 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\help
2006-12-06 20:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 03:54 20048 --a------ C:\WINDOWS\system32\bgoutlookhook.dll
2006-12-05 03:46 14416 --a------ C:\WINDOWS\system32\lccl.dll
2006-12-05 03:46 14416 --a------ C:\WINDOWS\system32\client_cc.dll
2006-12-03 19:22 -------- d-------- C:\Program Files\digidesign
2006-12-03 19:21 -------- d-------- C:\Program Files\Common Files\digidesign
2006-12-03 19:07 -------- d-------- C:\Program Files\interlok
2006-12-03 19:07 -------- d-------- C:\Program Files\Common Files\pace anti-piracy
2006-12-03 19:07 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\pace anti-piracy
2006-11-26 18:15 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\pegasys inc
2006-11-26 18:15 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\install instructions
2006-11-26 18:12 -------- d-------- C:\Program Files\xvideoconverter
2006-11-26 17:58 -------- d-------- C:\Program Files\cucusoft
2006-11-25 11:16 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\activision
2006-11-23 17:24 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-23 12:20 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\cyberlink
2006-11-19 20:14 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\lavasoft
2006-11-19 09:29 -------- d-------- C:\Program Files\ea sports
2006-11-18 18:21 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\vlc
2006-11-16 19:27 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-11-16 18:11 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\adobeum
2006-11-16 18:09 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\adobe
2006-11-15 23:20 -------- d-------- C:\Program Files\java
2006-11-15 23:20 -------- d-------- C:\DOCUME~1\FAMILY~1\Application Data\sun
2006-11-15 22:02 -------- d-------- C:\Program Files\ipod
2006-11-15 21:53 -------- d-------- C:\Program Files\epson
2006-11-15 20:59 -------- d-------- C:\Program Files\Common Files\java
2006-11-15 20:54 1024 -r-h----- C:\WINDOWS\system32\ntibun4.dll
2006-11-15 20:54 -------- d-------- C:\Program Files\newtech infosystems
2006-11-15 20:54 -------- d-------- C:\Program Files\Common Files\newtech infosystems
2006-11-15 20:53 6144 --a------ C:\WINDOWS\system32\drivers\NTIDrvr.sys
2006-11-15 20:53 1024 -r-h----- C:\WINDOWS\system32\ntimpeg2.dll
2006-11-15 20:53 1024 -r-h----- C:\WINDOWS\system32\ntimp3.dll
2006-11-15 20:53 1024 -r-h----- C:\WINDOWS\system32\ntifcd3.dll
2006-11-15 20:53 1024 -r-h----- C:\WINDOWS\system32\nticdmk7.dll
2006-11-15 20:53 100 --a------ C:\AUTOEXEC.BAT
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 190942 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-01 14:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-01 14:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 383968 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 189916 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"P2kAutostart"="F:\\Documents and Settings\\Alvarado Family\\My Documents\\V3\\p2k-commander 3.3.0 Beta\\P2kAutostart.exe"
"BullGuard"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\""
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
@=""
"Acer Empowering Technology Monitor"="C:\\WINDOWS\\system32\\SysMonitor.exe"
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe /idle"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"BullGuard"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
QWAVE REG_MULTI_SZ QWAVE\0\0
BullGuard REG_MULTI_SZ BgMainSvc\0BsFileScan\0BsMailProxy\0\0
BullGuardFw REG_MULTI_SZ BsFwall\0\0


Completion time: 07-01-13 22:27:17
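An added example (not part of the original thread, and not code from the tool that produced the log): a small Python parser for the "Reg Loading Points" section above. It unescapes the string values, decodes `hex(2)` byte lists into readable paths, and lists Run-key commands that carry no drive-qualified path so a reviewer can confirm which file they resolve to. The function names and the ANSI/UTF-16 heuristic are this example's own assumptions.

```python
import re

# Excerpt copied from the log above (REGEDIT4-style text dump).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"BullGuard"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
'''
ENTRY = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_loading_points(text):
    """Return {key: {value_name: decoded_string}} for a .reg-style dump."""
    result, key = {}, None
    text = re.sub(r'\\\n\s*', '', text)   # join hex continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            result[key] = {}
        elif key is not None and (m := ENTRY.match(line)):
            name = '(Default)' if m.group(1) is None else unescape(m.group(1))
            raw = m.group(2)
            if raw.startswith('hex(2):'):   # REG_EXPAND_SZ as raw bytes
                data = bytes(int(b, 16) for b in raw[7:].split(',') if b)
                # Heuristic: REGEDIT4 dumps hold ANSI bytes, 5.00 exports UTF-16LE.
                enc = 'utf-16-le' if data[1:2] == b'\x00' else 'cp1252'
                raw = data.decode(enc, 'replace').rstrip('\x00')
            elif raw.startswith('"'):
                raw = unescape(raw[1:-1])
            result[key][name] = raw
    return result

def unqualified_autoruns(parsed):
    """Run-key commands with no drive-qualified path (found via the search path)."""
    return [(n, c) for key, values in parsed.items()
            if key.lower().endswith('\\run')
            for n, c in values.items()
            if c and not re.match(r'[A-Za-z]:\\', c.lstrip('"'))]

if __name__ == '__main__':
    print(unqualified_autoruns(parse_loading_points(SAMPLE)))
```

Entries it lists are not findings by themselves; they are the ones where the log alone does not say which file on disk will run.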
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hi,

Kaspersky is reporting files in the C:\Config.msi as infected with Parite. I'd like to try another tool and see how effective it is. If not, we'll go after them ourselves.

The Config.msi folder apparently is used with Microsoft Office products, or in some cases, failed installations.
http://filext.com/detaillist.php?extdetail=RBF
The .RBF files and the config.msi folder are used by the Windows Installer rollback process. The rollback script (.RBS) file is always stored in the Config.Msi folder on the drive where the operating system is installed. The .RBF files are stored in the Config.Msi folder located on the drive where the application that is being backed up currently resides. This is done so that there is no crossing of drives when backing up the application files. Files with a RBS file extension are rollback script files and files with a RBF file extension are backups of existing files. All rollback files and the Config.Msi folder are deleted when the installation completes successfully.
I can tell you that I have that folder on my system and it is empty. Either way, they are infected with Parite and would be of no use anyway. :sayyes:

http://discussions.hardwarecentral.com/archive/index.php/t-152303.html


This next tool tends to be a bit aggressive, but if you follow these instructions, we'll be able to easily move back any programs/files it may quarantine unnecessarily:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Good, your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.


Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
* Go to Start > Run - type wuaucpl.cpl
* Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically. :smile:
 