Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Antivirus and Tv program problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Antivirus and Tv program problems

Unread postby luckwealth » January 5th, 2008, 5:14 pm

I guess, or I should say I'm pretty sure my computer is quite seriously infected. Really glad I found this great site here with experts so very kindly and generously ready with your helping hands, in really bad mood having to fight with the malwarers but comforted being luckily in the right place for seeking help, hehe....

So far I found the following couple of major big problems :-

1) All in a sudden my great helper Nod32 disappeared and I simply can't reinstall it by always getting rejected with popup error that says "Nod32 (106) error occured while extracting archive file". I then tried different versions and same thing happened. What's worse is I even can't install any other antivirus programs. Among the many ones I've tried, some rejected during installation with prompted erros and some, like Avast Home and Professional seemed having been installed fine but then the executable Exe file mysteriously disappeared from the folder right before my eyes so I could never launch it, how incredible!!

2) My favorite Tv program Cyberlink Power Cinema is not working any more!!!! I tried launching my other Tv program and it won't work either, likewise nothing turns up but just a black blank screen without any error prompt. I then opened Movie Maker trying to see if it tells anything and it did, the popup read there's an error with the capture device and I guess this should be what caused my tv programs not functioning.

3) There's another minor problem which is my handy helpful virtual mouse tool Point-N-Click, unlike before, keeps blinking, it sometimes even blinks the border of the active window making the screen a little annoying and distracting. It keeps minimizing itself as small as a little dot lying on top of the desktop as normal but now I can't access its functions and settings by hovering on it like before!

I'm done with all necessary scans, except spybot, installation of which faced the same problem as that of my Avast installation (the executable exe file disappeared right after installation), and with many thanks here's my log for your kindest analysis and advice please :-

==========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:50, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\NuonSoft\ShellEnhancer\ShellEnhancer.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Tools\Tools\Reminder.exe
C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe
C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Xi\NetXfer\NetTransport.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\PROGRA~1\FREEIN~1\Clearpch.exe
C:\Tools\Processor\Ditto\Ditto.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\ClickOff\Clickoff.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Point-N-Click\Point-N-Click.exe
C:\Program Files\Stardock\Object Desktop\RightClick\RightClick.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MalwareScanner-HiJackThis\MalwareScanner-HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NuonSoft ShellEnhancer StartupHelper] C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Aqua] C:\Program Files\Deskperience\Aqua\wText.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast47\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-3GNJF.exe" /REG
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Kana Reminder] "C:\Tools\Tools\Reminder.exe"
O4 - HKCU\..\Run: [Sensiva] "C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [NetXfer] "C:\Program Files\Xi\NetXfer\NetTransport.exe"
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - HKCU\..\Run: [Ditto] C:\Tools\Processor\Ditto\Ditto.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [TrojanKiller] "C:\Program Files\Trojan Killer\TrojanKiller.exe" 0
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Get file size - res://C:\Program Files\Moveax InternetFileSize\IFSIEMenuStub.dll/201
O8 - Extra context menu item: Download All by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D4ACE027-B115-4181-82CF-831C68235CAB} (PPSBase Control) - http://hot1.vdown.21cn.com/rmdownload/d ... psbase.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10282 bytes
==========================

I really respect the supreme expertise of all yours and am more than grateful for your kind heart and generosity, and your enthusiasm to help, the world is more wonderful because of you great guys, really great guys!!

I kinda sense that there may be more and more problems coming up if I can't do anything to stop it, and I can't imagine how I could survive without the help of yours! My heartiest salute and thanks to you all....

++++++++++++++++++++++++++++++++++++++++++++++++
Edited addition :-

Here's my latest found craze driving problem that I forgot to include above :
I guess my sound card is not working either, my computer now has no audio at all!!

++++++++++++++++++++++++++++++++++++++++++++++++
Edited addition 2 :-

To my surprise audio is back! Maybe sound card not working wasn't an issue due to the malware attack but because of something else, hehe.... Looking forward to any kind advice of yours!

Millions of thanks again....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am
Advertisement
Register to Remove

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 10th, 2008, 10:19 am

Sorry for the delay in a reply. If you still require help can you post a new HijackThis log please. Its been a few days since you've posted and something in the log may have changed since then.

Thanks!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Antivirus and Tv program problems

Unread postby luckwealth » January 10th, 2008, 9:56 pm

I'm very thankful indeed for your kind response and I understand well about the long queue asking for help like me.

Yes, I'm still much in need of your help and advice please!

My mentioned 3 critical problems still exists except that Cyberlink Cinema now simply crashes right upon its opening, instead of displaying a blank black screen after letting me choose "TV" out of other options radio, music, movies, etc.

In addition, My Ad-Aware can update and scan fine while I could only have updated my a-squared free for the first time. It can't be updated any more since then with an error remark saying "Couldn't connect to the update server. Please check your internet connection and proxy settings." I can do the scan alright though.

And here's my updated log please :-

==========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:05, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\NuonSoft\ShellEnhancer\ShellEnhancer.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Deskperience\Aqua\wText.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Tools\Tools\Reminder.exe
C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe
C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Xi\NetXfer\NetTransport.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\PROGRA~1\FREEIN~1\Clearpch.exe
C:\Tools\Processor\Ditto\Ditto.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\ClickOff\Clickoff.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Point-N-Click\Point-N-Click.exe
C:\Tools\RAM Idle Professional 3.4\RAM_XP.exe
C:\Tools\Tools\ResizeEnable\ResizeEnableRunner.exe
C:\Program Files\Stardock\Object Desktop\RightClick\RightClick.exe
C:\Tools\Tools\ZoomIt-DesktopZoomer.Pen.BlankScreen.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MalwareScanner-HiJackThis\MalwareScanner-HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NuonSoft ShellEnhancer StartupHelper] C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Aqua] C:\Program Files\Deskperience\Aqua\wText.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast47\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Kana Reminder] "C:\Tools\Tools\Reminder.exe"
O4 - HKCU\..\Run: [Sensiva] "C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [NetXfer] "C:\Program Files\Xi\NetXfer\NetTransport.exe"
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - HKCU\..\Run: [Ditto] C:\Tools\Processor\Ditto\Ditto.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [TrojanKiller] "C:\Program Files\Trojan Killer\TrojanKiller.exe" 0
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Get file size - res://C:\Program Files\Moveax InternetFileSize\IFSIEMenuStub.dll/201
O8 - Extra context menu item: Download All by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D4ACE027-B115-4181-82CF-831C68235CAB} (PPSBase Control) - http://hot1.vdown.21cn.com/rmdownload/d ... psbase.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10429 bytes
==========================

It's all really tough hard work and great contribution for you guys helping out here, I'd only be waiting patiently, no complaint, so no worry please, hehe! In fact just what more could I ask for except sending you my sincerest thanks....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 10th, 2008, 11:48 pm

Your log isn't showing any visible sign of infection. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Copy/paste the contents of the KAV log in your next reply.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 11th, 2008, 8:25 am

Thanks so much for your such prompt reply!!!!

My Kaspersky report is as below please :-

==========================
KASPERSKY ONLINE SCANNER REPORT
Friday, January 11, 2008 6:45:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/01/2008
Kaspersky Anti-Virus database records: 507322
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 121179
Number of viruses found: 7
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 03:57:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\-mildy-\Application Data\Ditto\Ditto.db Object is locked skipped
C:\Documents and Settings\-mildy-\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\History\History.IE5\MSHist012008011120080112\index.dat Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Temp\Perflib_Perfdata_9d0.dat Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Temp\~DF4478.tmp Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Temp\~DF709D.tmp Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Temp\~DF8FE.tmp Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Temp\~DFAE42.tmp Object is locked skipped
C:\Documents and Settings\-mildy-\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\-mildy-\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\-mildy-\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\AWProcessesLog.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\CoreEngineCommunicationLog.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Installers\Tools-Installer\RemotePcController&FileTransferer-crossloopsetup.exe/file55 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Installers\Tools-Installer\RemotePcController&FileTransferer-crossloopsetup.exe/file56 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Installers\Tools-Installer\RemotePcController&FileTransferer-crossloopsetup.exe Inno: infected - 2 skipped
C:\NetTransport\2007.wmv Object is locked skipped
C:\Program Files\BrainsBreaker\Brainsbreaker 4.8 002 full con crack\Poner en español\bb40cas.dix Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0000760.SYS Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003745.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003746.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003747.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003748.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003749.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003750.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003751.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003752.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003753.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003754.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003755.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003756.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003757.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003758.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003759.SDB Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003760.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003761.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003762.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003763.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003764.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003765.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003766.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003767.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003768.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003769.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003770.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003771.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003772.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003773.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003774.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003775.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003776.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003777.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003778.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003779.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003780.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003781.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003782.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003783.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003784.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003785.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003786.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003787.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003788.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003789.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003790.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003791.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003792.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003793.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003794.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003795.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003796.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003797.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003798.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003799.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003800.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003801.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003802.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003803.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003804.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003805.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003806.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003807.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003808.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003809.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003810.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003811.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003812.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003813.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003814.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003815.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003816.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003817.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003818.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003819.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003820.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003821.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003822.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003823.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003824.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003825.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003826.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003827.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003828.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003829.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003830.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003831.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003832.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003833.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003834.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003835.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003836.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003837.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003838.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003839.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003840.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003841.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003842.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003843.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003844.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003845.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003846.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003847.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003848.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003849.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003850.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003851.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003852.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003853.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003854.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003855.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003856.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003857.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003858.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003859.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003860.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003861.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003862.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003863.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003864.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003865.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003866.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003867.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003868.SYS Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003869.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003870.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003871.INI Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003872.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003873.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003874.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003875.ENU Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003876.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003877.COM Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003878.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003879.SYS Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003880.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003881.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003882.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003883.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003884.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003885.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003886.INI Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003887.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003888.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003889.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003890.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003891.BAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003892.INI Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003893.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003894.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003895.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003896.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003897.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003898.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003899.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003900.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003901.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003902.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003903.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003904.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003905.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003906.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003907.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003908.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003909.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003910.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003911.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003912.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003913.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003914.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003915.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003916.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003917.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003918.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003919.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003920.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003921.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003922.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003923.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003924.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003925.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003926.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003927.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003928.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003929.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003930.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003931.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003932.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003933.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003934.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003935.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003936.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003937.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003938.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003939.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003940.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003941.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003942.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003943.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003944.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003945.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003946.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003947.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003948.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003949.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003950.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003951.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003952.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003953.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003954.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003955.SYS Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003956.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003957.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003958.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003959.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003960.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003961.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003962.SIF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003963.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003964.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003965.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003966.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003967.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003968.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003969.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003970.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003971.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003972.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003973.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003974.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003975.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003976.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003977.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003978.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003979.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003980.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003981.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003982.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003983.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003984.HLP Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003985.MSI Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003986.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003987.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003988.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003989.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003990.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003991.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003992.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003993.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003994.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003995.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003996.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003997.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003998.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0003999.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004000.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004001.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004002.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004003.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004004.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004005.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004006.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004007.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004008.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004009.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004010.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004011.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004012.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004013.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004014.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004015.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004016.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004017.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004018.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004019.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004020.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004021.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004022.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004023.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004024.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004025.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004026.WA_ Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004027.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004028.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004029.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004030.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004031.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004032.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004033.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004034.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004035.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004036.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004037.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004038.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004039.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004040.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004041.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004042.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004043.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004044.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004045.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004046.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004047.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004048.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004049.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004050.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004051.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004052.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004053.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004054.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004055.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004056.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004057.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004058.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004059.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004060.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004061.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004062.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004063.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004064.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004065.INI Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004066.INI Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004067.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004068.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004069.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004070.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004071.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004072.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004073.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004074.EXE Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004075.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004076.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004077.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004078.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004079.INF Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004080.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004081.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004082.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004083.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004084.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004085.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004086.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004087.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004088.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004089.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004090.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004091.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004092.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004093.CAT Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004094.DLL Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\A0004095.ini Object is locked skipped
C:\System Volume Information\_restore{01A89F0C-31D6-41C5-A554-A0A9AEE549AB}\RP3\change.log Object is locked skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0000824.cmd Infected: Backdoor.Win32.ServU-based skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0000825.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0000869.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002034.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002035.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002036.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002037.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002038.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002039.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002040.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002041.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002042.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002043.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002044.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002045.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002046.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002047.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002203.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002204.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002205.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002206.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002207.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002208.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002209.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002210.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002211.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002212.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002213.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002214.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002215.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002216.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002217.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002218.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002219.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002220.exe Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002221.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP4\A0002222.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ActiveScan\pav.bak Object is locked skipped
C:\WINDOWS\system32\ActiveScan\pav.sig Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_430.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.
==========================

I've another piece of note that I'm not sure whether of help or not, during my search for help before finding this site here I came across some article stating a very harmful worm named "bagle", and my Bitdefender online scan detected quite a few items infected with "bagle" stated like the following which I dared not delete after disinfection failure :-

C:\System Volume Information\_restore{B3E7A0EC-3E07-400D-8ACB-06782AB0048D}\RP3\A0002034.exe is infected with Win32.Bagle.STT@mm

Many many thanks again....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 11th, 2008, 10:15 am

Lots of things in your System Restore Points... which we can clear up later. But nothing "active" from what the KAV log is showing.

Quick question... the Bagle worm typically destroys the ability to boot into Safe Mode. Can you boot into Safe Mode with this computer?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 11th, 2008, 12:24 pm

I've just tried booting into safe mode and it just won't let me!! So you get it, no safe mode booting is my computer's other critical problem.

Thanks a lot indeed....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 11th, 2008, 2:00 pm

Please download SafeBootKeyRepair.exe from Tech Support Forum and save it to your desktop.
  • Double click on SafeBootKeyRepair.exe to run it.
  • Notepad will open shortly aftewards; please post the contents of this Notepad file in your next reply.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 12th, 2008, 3:48 am

==========================
Reg export of SafeBoot key after repair:
==========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

==========================

The above is the required report for your kind analysis please.

Many thanks....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 12th, 2008, 4:02 am

That looks good... can you bot into Safe Mode now?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 12th, 2008, 4:54 am

Yeah yeah yeah!! It's totally magic! The safe mode booting is right back in service!! Tried to write you there in that mode, silly me didn't know internetting was impossible in safe mode, hehe... I'd be waiting for your next command sir, my Mr Magician!
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 12th, 2008, 7:06 pm

Good to hear :)

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 13th, 2008, 5:03 am

I just had to do the scan twice and am afraid log of having scanned twice would make any difference or confusion for your analysis. So what happened is the first scan ran through fine and should have completed right within 20 minutes according to the smooth progress. But it froze during probably the last step after saying "Let Combofix restart your computer." with both the keyboard and mouse disabled and I simply couldn't launch Windows Task Manager. The only thing I can do is shutting down the computer by holding down the on/off button a while. (This case isn't very rare for me. my system freezes like this forcing me to shut down this way sometimes and this has slightly become more frequent after the malware attack. I know I'm no good at keeping my computer well protected, hehe....)

Here comes the log please :-

===========================
ComboFix 08-01-13.1 - -mildy- 2008-01-13 15:06:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.1.1028.18.508 [GMT 8:00]
執行位置?: C:\Tools\System\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\sogou pxp
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\instsrv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_P4P_SERVICE
-------\LEGACY_SROSA
-------\P4P Service
-------\srosa




(((((((((((((((((((((((((((( 2007-12-13 - 2008-01-13 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-01-13 14:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\dllcache\chkdsk.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2008-01-11 20:14 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 10:41 . 2008-01-11 10:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-11 10:41 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-11 10:36 . 2008-01-11 10:37 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-11 10:15 . 2008-01-11 10:15 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-05 22:28 . 2008-01-05 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-01-05 18:36 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-05 18:36 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-05 18:35 . 2008-01-05 21:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-05 18:35 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-05 18:35 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-05 18:03 . 2008-01-05 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-05 18:03 . 2008-01-05 18:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 17:57 . 2008-01-05 17:57 <DIR> d-------- C:\Program Files\Real Alternative
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Program Files\RealMedia
2008-01-05 00:30 . 2008-01-05 02:11 313,982,976 --a------ C:\79F.tmp
2008-01-04 21:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ltkiuluurife.sys
2008-01-04 18:14 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-04 18:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kpnffmdfnmti.sys
2008-01-04 16:59 . 2008-01-11 17:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 16:59 . 2008-01-11 16:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 16:59 . 2008-01-11 16:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 16:59 . 2008-01-11 16:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 14:36 . 2008-01-05 20:39 <DIR> d-------- C:\Documents and Settings\-mildy-\.housecall6.6
2008-01-04 02:46 . 2008-01-09 21:06 <DIR> d-------- C:\Program Files\Babysitting Mania
2008-01-04 01:07 . 2008-01-12 19:30 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-04 01:02 . 2008-01-11 23:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 23:27 . 2008-01-05 22:10 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-01-03 23:27 . 2008-01-03 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 23:25 . 2008-01-03 23:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 22:36 . 2008-01-11 09:19 <DIR> d-------- C:\Program Files\MalwareScanner-HiJackThis
2008-01-03 02:11 . 2008-01-13 14:45 <DIR> d-------- C:\Program Files\Avast47
2008-01-03 02:11 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-03 02:11 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-03 02:11 . 2007-12-04 22:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-03 02:11 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-03 02:11 . 2007-12-04 22:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-03 02:11 . 2007-12-04 22:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-03 02:11 . 2007-12-04 22:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-03 02:06 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-03 01:18 . 2008-01-04 20:59 <DIR> d-------- C:\Program Files\Trojan Killer
2008-01-01 18:51 . 2003-03-19 04:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-01 13:17 . 2005-09-25 02:07 548,707 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-01 13:16 . 2008-01-06 01:54 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2007-12-31 15:45 . 2008-01-02 12:54 <DIR> d-------- C:\Program Files\Farm Frenzy
2007-12-31 15:28 . 2007-12-31 15:42 <DIR> d-------- C:\Program Files\Neighbours from Hell
2007-12-30 17:00 . 2007-12-30 17:00 <DIR> d-------- C:\Program Files\Nuclear Coffee
2007-12-30 16:31 . 2007-12-30 22:58 <DIR> d-------- C:\Program Files\Brainsbreaker 4.9.105
2007-12-30 16:18 . 2007-12-30 16:29 <DIR> d-------- C:\Program Files\Playtonium Jigsaw Patterns in Nature
2007-12-30 13:27 . 2008-01-05 17:06 <DIR> d-------- C:\Program Files\Total Video Converter
2007-12-30 13:27 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-27 13:25 . 2007-12-27 17:30 <DIR> d-------- C:\Program Files\Jigsaws
2007-12-27 11:39 . 2007-12-28 11:02 <DIR> d-------- C:\Program Files\BrainsBreaker
2007-12-26 15:09 . 2008-01-05 18:32 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-12-24 14:20 . 2007-12-24 14:21 <DIR> d-------- C:\Program Files\Wedding Dash
2007-12-23 20:49 . 2007-12-23 21:14 <DIR> d-------- C:\Program Files\Pastime Puzzles
2007-12-23 17:53 . 2007-12-23 18:00 <DIR> d-------- C:\Program Files\Mystery Of Shark Island
2007-12-23 14:00 . 2007-12-23 14:01 <DIR> d-------- C:\Program Files\Lucy Q Deluxe
2007-12-23 11:39 . 2007-12-27 11:33 <DIR> d-------- C:\Program Files\Jigsaw365
2007-12-21 17:04 . 2008-01-09 20:13 <DIR> d-------- C:\Program Files\Pocket JigMake
2007-12-21 16:37 . 2007-12-21 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-21 16:37 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-21 16:37 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-21 16:36 . 2007-12-21 16:45 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-20 14:35 . 2007-12-20 14:35 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-19 20:01 . 2007-12-19 20:02 <DIR> d-------- C:\Program Files\Diner Dash Flo On The Go
2007-12-19 20:00 . 2007-12-23 22:52 <DIR> d-------- C:\Program Files\Diner Dash Hometown Hero
2007-12-19 19:47 . 2007-12-20 15:12 <DIR> d-------- C:\Program Files\Delivery King
2007-12-18 22:40 . 2007-12-18 22:40 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-18 15:32 . 2007-12-18 15:32 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-18 15:15 . 2007-12-18 15:31 535 --a------ C:\WINDOWS\wwwconfig.dat
2007-12-18 01:27 . 2007-12-18 15:32 <DIR> d-------- C:\Program Files\Flower Shop Big City Break
2007-12-18 01:26 . 2007-12-18 15:06 <DIR> d-------- C:\Program Files\Posh Shop
2007-12-18 01:25 . 2007-12-20 21:00 <DIR> d-------- C:\Program Files\Pizza Frenzy
2007-12-18 01:25 . 2007-12-20 22:57 <DIR> d-------- C:\Program Files\Daycare Nightmare
2007-12-18 01:24 . 2007-12-18 15:09 <DIR> d-------- C:\Program Files\Cathys Caribbean Club
2007-12-18 01:23 . 2007-12-21 23:22 <DIR> d-------- C:\Program Files\Believe In Santa
2007-12-18 01:20 . 2007-12-18 15:12 <DIR> d-------- C:\Program Files\Baby Luv
2007-12-18 01:19 . 2007-12-18 15:13 <DIR> d-------- C:\Program Files\Big Island Blends
2007-12-18 01:18 . 2007-12-25 01:29 <DIR> d-------- C:\Program Files\Fab Fashion
2007-12-18 01:15 . 2007-12-27 11:34 <DIR> d-------- C:\Program Files\Teddy Factory
2007-12-18 00:56 . 2007-12-18 15:15 <DIR> d-------- C:\Program Files\Wild West Wendy
2007-12-18 00:51 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Mystic Inn
2007-12-18 00:50 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Santas Super Friends
2007-12-18 00:48 . 2007-12-18 01:11 <DIR> d-------- C:\Program Files\Birdies
2007-12-18 00:45 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Home Sweet Home
2007-12-18 00:41 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Happy Hour
2007-12-17 23:31 . 2007-12-21 21:21 <DIR> d-------- C:\Program Files\Sallys Salon
2007-12-17 23:12 . 2007-12-18 01:13 <DIR> d-------- C:\Program Files\Delicious 2 Deluxe
2007-12-17 23:10 . 2007-12-20 21:03 <DIR> d-------- C:\Program Files\Sushi Frenzy
2007-12-17 01:53 . 2007-12-20 19:53 <DIR> d-------- C:\Program Files\Nanny Mania
2007-12-17 01:42 . 2007-12-17 01:42 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-17 01:37 . 2007-12-17 01:41 <DIR> d-------- C:\Program Files\Janes Hotel
2007-12-16 20:48 . 2007-12-16 20:48 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-16 20:39 . 2007-12-16 20:39 <DIR> d-------- C:\WINDOWS\Burger Shop

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 07:14 5,505,024 ---ha-w C:\Documents and Settings\-mildy-\NTUSER.DAT
2008-01-13 07:14 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ClickOff
2008-01-13 06:27 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Ditto
2008-01-13 03:02 --------- d-----w C:\Program Files\BitComet
2008-01-12 16:00 --------- d-----w C:\Program Files\Replay AV 8
2008-01-12 15:35 --------- d-----w C:\Program Files\NJStar Communicator
2008-01-11 12:18 --------- d-----w C:\Program Files\Crazy Browser
2008-01-08 17:00 --------- d-----w C:\Program Files\Flary Address
2008-01-08 10:27 --------- d-----w C:\Program Files\eMule
2008-01-05 14:48 --------- d-----w C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)
2008-01-05 14:48 --------- d-----w C:\Program Files\Volumouse
2008-01-05 14:47 --------- d-----w C:\Program Files\UberIcon
2008-01-05 14:46 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-05 14:46 --------- d-----w C:\Program Files\StrokeIt
2008-01-05 14:41 --------- d-----w C:\Program Files\Point-N-Click
2008-01-05 14:25 --------- d-----w C:\Program Files\Free Internet Window Washer
2008-01-05 14:23 --------- d-----w C:\Program Files\FileNote
2008-01-05 14:21 --------- d-----w C:\Program Files\EasyZip
2008-01-05 14:16 --------- d-----w C:\Program Files\CursorXP
2008-01-05 14:16 --------- d-----w C:\Program Files\CopyURL
2008-01-05 14:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-05 14:15 --------- d-----w C:\Program Files\ClickOff
2008-01-05 14:15 --------- d-----w C:\Program Files\Click-N-Type
2008-01-05 14:15 --------- d-----w C:\Program Files\Brightness&ColorSwapper-gapa
2008-01-05 12:31 --------- d-----w C:\Program Files\Renamer
2008-01-03 18:10 --------- d-----w C:\Program Files\Taskbar Shuffle
2008-01-02 13:21 20 ----a-w C:\sccfg.sys
2008-01-01 13:19 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\MegauploadToolbar
2008-01-01 12:28 --------- d-s---w C:\Documents and Settings\-mildy-\Application Data\Microsoft
2007-12-31 12:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PlayFirst
2007-12-21 18:22 --------- d-----w C:\Program Files\ICE Book Reader Professional Retail 76
2007-12-21 04:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 06:35 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-18 14:40 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-16 17:42 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-16 10:02 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\iWin
2007-12-15 11:13 --------- d-----w C:\Program Files\Paradise Pet Salon
2007-12-09 20:58 --------- d-----w C:\Program Files\Fashion Fits
2007-12-09 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-08 14:59 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Macromedia
2007-12-08 09:19 --------- d-----w C:\Program Files\Cake Mania Back to the Bakery
2007-12-08 09:11 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2007-12-07 10:17 --------- d-----w C:\Program Files\Cake Mania 2
2007-12-06 07:36 --------- d-----w C:\Program Files\mp3DirectCut
2007-12-05 14:57 --------- d-----w C:\Program Files\Any Media to MP3 Converter
2007-12-05 14:34 --------- d-----w C:\Program Files\Shuangs Audio Editor
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\River Past G5
2007-12-05 08:13 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2007-12-05 08:12 --------- d-----w C:\Program Files\DVDVideoSoft
2007-12-05 06:12 --------- d-----w C:\Program Files\AimOne_AlltoMP3
2007-12-04 15:27 --------- d-----w C:\Program Files\GameHouse
2007-12-04 12:15 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Big Fish Games
2007-12-04 12:10 --------- d-----w C:\Program Files\Azada
2007-12-04 09:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\GameHouse
2007-12-04 08:44 --------- d-----w C:\Program Files\Abra Academy
2007-12-03 11:06 --------- d-----w C:\Program Files\Tudou
2007-11-29 17:47 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PhraseExpress
2007-11-29 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PhraseExpress
2007-11-26 15:02 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Scan2PDF
2007-11-26 13:51 --------- d-----w C:\Program Files\Scan2PDF
2007-11-25 14:04 --------- d-----w C:\Program Files\SimpleOCR
2007-11-25 12:25 --------- d-----w C:\Program Files\ScannerU
2007-11-24 10:44 --------- d-----w C:\Program Files\InfoTag Magic 1.0
2007-11-21 05:29 --------- d-----w C:\Program Files\Paint.NET
2007-11-20 01:05 --------- d-----w C:\Program Files\Tracker Software
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 06:46 533 ----a-w C:\Program Files\Softwares'.lnk
2007-10-25 02:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2005-10-20 09:17 28,672 ----a-w C:\Program Files\CloseAll.exe
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"Kana Reminder"="C:\Tools\Tools\Reminder.exe" [2005-11-29 08:09 1185280]
"Sensiva"="C:\Program Files\Sensiva" [ ]
"Winsplit"="C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe" [2007-10-10 00:29 2627072]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 06:29 62976]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [ ]
"NetXfer"="C:\Program Files\Xi\NetXfer\NetTransport.exe" [2007-10-08 15:09 1392640]
"Mmm"="C:\Program Files\HACE\Mmm\MmmTray.exe" [2007-06-01 00:01 15872]
"Free Internet Window Washer"="C:\PROGRA~1\FREEIN~1\Clearpch.exe" [2006-12-15 21:29 1498624]
"Ditto"="C:\Tools\Processor\Ditto\Ditto.exe" [2006-08-04 12:20 618496]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:44 140288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 20:00 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 20:33 6338360]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe" [2004-02-03 13:13 1216000]
"$Volumouse$"="C:\Program Files\Volumouse\volumouse.exe" [2006-05-27 11:49 26112]
"TrojanKiller"="C:\Program Files\Trojan Killer\TrojanKiller.exe" [2007-12-22 16:58 1366016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-08 01:19 15872]
"RAM Idle Professional"="C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe" [ ]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"NuonSoft ShellEnhancer StartupHelper"="C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe" [2006-12-16 11:46 65536]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"Aqua"="C:\Program Files\Deskperience\Aqua\wText.exe" [2005-05-06 19:33 1011712]
"avast!"="C:\PROGRA~1\Avast47\ashDisp.exe" [ ]
"Ad-Watch"="C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-12 20:00 133632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 20:00 15360]

C:\Documents and Settings\-mildy-\「開始」功能表\程式集\啟動\
a-squared Free.lnk - C:\Program Files\a-squared Free\a2free.exe [2008-01-04 01:07:57]
ActiveSyncToggle.exe.lnk - C:\Tools\Tools\ActiveSyncToggle.exe [2007-10-03 21:59:08]
Ad-Aware 2007.lnk - C:\Program Files\Ad-Aware 2007\Ad-Aware2007.exe [2007-10-31 15:18:06]
Brightness&ColorSwapper-gapa.lnk - C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe [2007-05-31 05:03:31]
Click-N-Type.LNK - C:\Program Files\Click-N-Type\Click-N-Type.exe [2007-09-27 14:43:14]
ClickOff.lnk - C:\Program Files\ClickOff\Clickoff.exe [2007-04-12 16:02:26]
Export.sxp.lnk - C:\Backup\Nec\Softwares'\StrokeIt\Export.sxp [2007-11-07 15:32:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 1 (0x1)
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-16 13:53]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 05:10]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28681820-917D-11d5-8177-005056FDDA4B}]
rundll32.exe C:\WINDOWS\system32\ShellExt\DafiTech\Cpy2Clip\cpy2clip.dll,CreateUserSettings
.
排程工作資料夾的內容
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 15:17:25
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3158]
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\UberIcon\UberIcon.dll
-> C:\Program Files\NuonSoft\ShellEnhancer\ShellEnhancer.dll
-> C:\Tools\Processor\Ditto\focus.dll
-> C:\Program Files\Strokeit\mhook.dll
-> C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
-> C:\Tools\Tools\ResizeEnable\ResizeEnable.dll
-> C:\Program Files\Stardock\Object Desktop\RightClick\ShellHook.dll
.
完成時間?: 2008-01-13 15:22:09 - machine was rebooted [-mildy-]
ComboFix-quarantined-files.txt 2008-01-13 07:22:06
.
2007-12-22 03:08:22 --- E O F ---
===========================

Thankssss again....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 13th, 2008, 8:59 am

Oh I just can't believe it!! The problems I doubted to be due to the malware attack abovementioned are all gone!! I only wonder if they're gone for good, hehe....

1) After the Combofix scan, I tried updating a-squared free and it works! my a-squared free is now all updated and doing me a deep scan!!

2) I also tried installing Nod32 and it just can extract and install fine without prompting the error any more!! But I aborted the installation, I've picked Avast instead because during my malware search I read from somewhere Avast is now the most powerful antivirus program out of all. Now my system is protected with Avast and the also newly installed spybot, Ad-Aware, a-squared Free, your recommended spywareguard and spywareblaster, any advice please? Sounds enough? Or unnecessarily too many? So glad I've no more worry about risky internet surfing!!!!

3) So happy indeed I'm now writing you with my Cyberlink Power Cinema airing, just so much fun, hahahahaaaa....!

4) My other mentioned error (also found after the attack) of unusual forever blinking of my virtual mouse tool Click-N-Type still exists, if this can't be fixed, it's okay cuz this won't harm much I think. Perhaps I'd simply reinstall and reconfigure it and see, if you think nothing can be done with it, hehe....

5) The only concern I now can see is the many restore points to be fixed that you mentioned about in the first place. Expecting your kind advice if you think there's still need to fix them please.

6) Just an extra very minor problem after the Combofix scan please. I guess it has somewhat helped tune up the security setting and some of the usual start up programs won't launch until I click "Unlock" in the prompted warning window for each one of them every boot, namely "ditto", "Net Transfer" and "Bitcomet". I'm pretty sure they're free of any odd wares as I've used them safely for years, aren't they? If so, can I save the clicks, and where to do the setting please?

7) Oh right, one other tiny thing I forgot to mention please, Windows starts up with a quick dos-like screen full of words showing for just a second or 2 mainly offering 2 choices of something like "Xp Home" and "Xp Recovery", by default it runs the Xp Home. Nothing seems wrong but does it signal anything abnormal, or should I just leave it like that please?

(8) Excuse me I've one out of topic question if you don't mind answering please, for which I've done many searches without success finding any clues. That is I've another computer I can't switch on at all. Or I should say I can switch it on, the power light turns green alright but there's no signal of working mouse or keyboard either. Both of them haven't any light on, and the monitor doesn't display anything but just a black blank screen so I can't do anything at all. You're soooo extremely expert making me sure within your knowledge you probably have some relevant good forums to recommend maybe, please? Or is there anything any way you'd suggest me to do if you don't mind please? Or kindly just don't hesitate disregarding it please if it's too off-topic to answer, thanks, hehe....

That's all for now, I know if I'm not clean yet, I'm at least not far from clean!! Never thought my big problems can be cured so quick, and even so incredibly quick!! Just how lucky I am to be here, hahahaaaa.... I haven't wrongly named you, my MR Magician!!!!

Thanks a great deal, thankssss....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 13th, 2008, 5:05 pm

Still a couple things left to do... though we're almost finished :)

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\79F.tmp
    C:\WINDOWS\system32\drivers\hldrrr.exe

    Folder::
    C:\Documents and Settings\-mildy-\Application Data\iWin

    Driver::
    C:\WINDOWS\system32\drivers\ltkiuluurife.sys
    C:\WINDOWS\system32\drivers\kpnffmdfnmti.sys
    C:\sccfg.sys

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply along with a new HijackThis log please.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 284 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware