Author Topic: Computer is going slow:( (Read 2229 times)

satin · « **on:** December 29, 2007, 12:48:04 PM »

My comp has been lagging and running slow recently and i dont know why, so please help me, greatly appreciated and thanks in advance.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192410379513
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3611 bytes

guestolo · « **Reply #1 on:** December 29, 2007, 12:59:36 PM »

You cut off the whole top part of your log, and I'm not sure that your running the latest version of Hijackthis

Try this
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum

To copy and paste the Whole log
You can use these steps
In the Hijackthis log>>Click EDIT at the top menubar
and then SELECT ALL
Then EDIT and select COPY
Come back here and PASTE to your reply

satin · « **Reply #2 on:** December 29, 2007, 01:21:32 PM »

sorry here you go....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:22 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192410379513
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3610 bytes

guestolo · « **Reply #3 on:** December 29, 2007, 01:32:22 PM »

Can you do the following
I want to see a couple other logs, it will give me a bit more info

Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt

Also include extra.txt

If you need more than one reply to post both logs, please do so

satin · « **Reply #4 on:** December 29, 2007, 01:44:36 PM »

ok here is the MAIN part

Deckard's System Scanner v20071014.68
Run by Nathan on 2007-12-29 13:38:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
30: 2007-12-29 18:38:22 UTC - RP203 - Deckard's System Scanner Restore Point
29: 2007-12-28 16:22:13 UTC - RP202 - System Checkpoint
28: 2007-12-27 01:50:35 UTC - RP201 - Installed The Sims Complete Collection
27: 2007-12-25 18:26:31 UTC - RP200 - System Checkpoint
26: 2007-12-24 03:43:36 UTC - RP199 - Installed Google Earth.

-- First Restore Point --
1: 2007-12-15 02:16:02 UTC - RP174 - Installed Windows XP KB917422.

Backed up registry hives.
Performed disk cleanup.

[color=\"red\"]Total Physical Memory: 255 MiB (512 MiB recommended).[/color]

-- HijackThis (run as Nathan.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:54 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Nathan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192410379513
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3600 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 XDva008 - c:\windows\system32\xdva008.sys (file missing)
S3 XDva031 - c:\windows\system32\xdva031.sys (file missing)
S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)
S3 XDva033 - c:\windows\system32\xdva033.sys (file missing)
S3 XDva039 - c:\windows\system32\xdva039.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-11-29 and 2007-12-29 -----------------------------

2007-12-29 12:44:32 0 d-------- C:\Program Files\Trend Micro
2007-12-29 12:39:49 0 d-------- C:\Program Files\CCleaner
2007-12-28 22:52:48 0 d-------- C:\Program Files\IrfanView
2007-12-26 15:02:10 0 d-------- C:\Documents and Settings\Brandon\Application Data\uTorrent
2007-12-25 20:33:53 0 d-------- C:\users
2007-12-25 07:50:56 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-25 07:35:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-24 16:31:12 0 d-------- C:\Documents and Settings\Brandon\Application Data\Google
2007-12-23 22:43:59 0 d-------- C:\Program Files\Google
2007-12-23 22:43:59 0 d-------- C:\Documents and Settings\Nathan\Application Data\Google
2007-12-17 17:58:14 0 d-------- C:\WINDOWS\.file_store_32
2007-12-16 09:52:12 0 d-------- C:\Program Files\Maxis
2007-12-14 22:05:52 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-14 22:00:25 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-14 22:00:25 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-14 21:53:43 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-12-14 21:52:35 0 d-------- C:\WINDOWS\Prefetch
2007-12-14 20:01:25 0 d-------- C:\WINDOWS\peernet
2007-12-14 20:01:21 0 d-------- C:\WINDOWS\provisioning
2007-12-14 19:20:16 0 d-------- C:\Documents and Settings\Billy\Application Data\uTorrent
2007-12-11 09:16:25 0 d-------- C:\Documents and Settings\Nathan\Application Data\MSN6
2007-12-11 09:16:25 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-12-10 08:49:52 102400 --a------ C:\WINDOWS\system32\ProgHelp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2007-12-10 08:49:52 44440 --a------ C:\WINDOWS\system32\MtpAccess.dll
2007-12-10 08:17:29 110592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL <Not Verified; ENJsoft Corporation; SelfMusicVideo>
2007-11-30 18:53:45 0 d-------- C:\Documents and Settings\Billy\Application Data\Sun

-- Find3M Report ---------------------------------------------------------------

2007-12-29 13:18:55 0 d-------- C:\Documents and Settings\Nathan\Application Data\uTorrent
2007-12-29 12:04:17 0 d-------- C:\Program Files\SwiftSwitch
2007-12-26 20:50:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-16 10:11:45 764 --a------ C:\WINDOWS\eReg.dat
2007-12-14 21:57:18 0 d-------- C:\Program Files\MSN Messenger
2007-12-14 20:03:30 0 d-------- C:\Program Files\Messenger
2007-12-14 20:01:28 0 d-------- C:\Program Files\Movie Maker
2007-12-14 19:51:54 0 d-------- C:\Program Files\Windows NT
2007-12-14 19:20:21 0 d-------- C:\Program Files\uTorrent
2007-11-25 16:40:12 0 d-------- C:\Program Files\Yahoo!
2007-11-22 10:59:23 2262 --a------ C:\WINDOWS\mozver.dat
2007-11-21 17:10:42 0 d-------- C:\Program Files\Common Files\Real
2007-11-21 17:10:41 0 d-------- C:\Program Files\Real
2007-11-21 17:10:41 0 d-------- C:\Documents and Settings\Nathan\Application Data\Real
2007-11-21 17:10:23 0 d-------- C:\Program Files\Common Files
2007-11-20 15:36:02 118784 --a------ C:\WINDOWS\system32\MaDRM.dll <Not Verified; (?)

?; MaDRM ?? ??

?? with PKI>
2007-11-20 15:35:40 40960 --a------ C:\WINDOWS\system32\MAMACExtract.dll <Not Verified;

?;

? MAMACExtract>
2007-11-19 17:05:45 0 d-------- C:\Program Files\HyCam2
2007-11-15 17:10:50 0 d-------- C:\Program Files\QuickTime
2007-11-15 16:48:48 0 d-------- C:\Documents and Settings\Nathan\Application Data\Apple Computer
2007-11-14 18:56:19 0 d-------- C:\Documents and Settings\Nathan\Application Data\acccore
2007-11-11 14:02:52 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-10 18:03:54 335847 --a------ C:\WINDOWS\system32\scvhost
2007-11-10 01:28:11 0 d-------- C:\Program Files\Apple Software Update
2007-11-04 23:18:42 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2007-10-21 13:02:29 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-20 22:51:24 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-10-20 20:37:20 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; MicrosoftÂ® Plus! for WindowsÂ® 95>
2007-10-20 20:37:19 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; MicrosoftÂ® Plus! for WindowsÂ® 95>
2007-10-19 19:35:12 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-10-19 19:35:12 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-10-19 19:35:12 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-10-19 19:32:48 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; MicrosoftÂ® Visual Basic for Windows>
2007-10-18 18:28:02 61440 --a------ C:\WINDOWS\wnUninstall.exe
2007-10-14 22:36:04 65024 --a------ C:\WINDOWS\IFinst26.exe
2007-10-07 17:32:41 0 --a------ C:\WINDOWS\nsreg.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/08/2001 02:25 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/08/2001 01:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 03:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 10:51 PM]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [09/20/2007 10:23 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" []
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [11/23/2004 06:51 PM 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3B756828-EAD6-1F2E-0400-040407070500}]
C:\WINDOWS\System32\scvhost.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1   007guard.com
127.0.0.1   www.007guard.com
127.0.0.1   008i.com
127.0.0.1   008k.com
127.0.0.1   www.008k.com
127.0.0.1   00hq.com
127.0.0.1   www.00hq.com
127.0.0.1   010402.com
127.0.0.1   032439.com
127.0.0.1   www.032439.com

7429 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2007-12-29 13:41:28 ------------

HERE IS EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 254.48 MiB / 89.8 MiB
Pagefile Memory (total/avail): 624.6 MiB / 454.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.51 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 18.64 GiB total, 6.06 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST320410A - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 18.64 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

UpdatesDisableNotify is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ÂµTorrent"
"C:\\Program Files\\Common Files\\NEWS 3 NOW\\TrueWeather.exe"="C:\\Program Files\\Common Files\\NEWS 3 NOW\\TrueWeather.exe:*:Enabled:TrueWeather"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:Utility for RuneScape"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nathan\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JACK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nathan
LOGONSERVER=\\JACK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nathan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nathan\LOCALS~1\Temp
USERDOMAIN=JACK
USERNAME=Nathan
USERPROFILE=C:\Documents and Settings\Nathan
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Nathan (admin)
Billy (admin)
Brandon (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ÂµTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Buildalot --> "C:\Program Files\Buildalot\ReflexiveArcade\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lame ACM MP3 Codec --> "C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU7.inf
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2000 Standard Edition --> C:\Program Files\Microsoft Money\setup\setup.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MyFreeCodec --> C:\Program Files\MyFree Codec\09a beta\uninstall.exe
NEWS 3 NOW --> C:\WINDOWS\wnUninstall.exe "NEWS 3 NOW"
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Samsung Media Studio --> C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Sims Complete Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

-- Application Event Log -------------------------------------------------------

Event Record #/Type682 / Success
Event Submitted/Written: 12/29/2007 10:17:26 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type671 / Success
Event Submitted/Written: 12/28/2007 11:08:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type666 / Success
Event Submitted/Written: 12/28/2007 08:17:04 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type631 / Success
Event Submitted/Written: 12/25/2007 11:12:15 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type628 / Error
Event Submitted/Written: 12/25/2007 07:47:03 AM
Event ID/Source: 11316 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 2.0 -- Error 1316.A network error occurred while attempting to read from the file: C:\DOCUME~1\Nathan\LOCALS~1\Temp\IXP000.TMP\netfx.msi

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3963 / Warning
Event Submitted/Written: 12/29/2007 01:18:18 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3960 / Warning
Event Submitted/Written: 12/29/2007 01:10:05 PM
Event ID/Source: 15200 / WPDMTPDriver
Event Description:
MTP USB Driver has cancelled the operation 0x100d

Event Record #/Type3957 / Warning
Event Submitted/Written: 12/29/2007 01:04:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3934 / Warning
Event Submitted/Written: 12/28/2007 10:00:33 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type3930 / Warning
Event Submitted/Written: 12/28/2007 09:46:53 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2007-12-29 13:41:28 ------------

satin · « **Reply #5 on:** December 29, 2007, 01:55:30 PM »

is that what you wanted?

guestolo · « **Reply #6 on:** December 29, 2007, 02:23:28 PM »

I'm seeing a couple problems
Can you next do the following

Download [color=\"red\"]SDFix[/color] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

I'll need to see that report later

Back in Windows
Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.

Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
  [color=\"#6666CC\"]Extended[/color]
Scan Options:
[color=\"#6666CC\"]Scan Archives[/color]

[color=\"#6666CC\"]Scan Mail Bases[/color]
[/list]
[/list]

Click OK and, under select a target to scan, select My Computer

When the scan is done, in the [color=\"Navy\"]Scan is completed [/color]window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.

And also include the report from SDFix

satin · « **Reply #7 on:** December 29, 2007, 09:49:50 PM »

here is the SDfix scan.......SDFix: Version 1.120Run by Nathan on Sat 12/29/2007 at 03:55 PMMicrosoft Windows XP [Version 5.1.2600]Running From: C:\DOCUME~1\Nathan\Desktop\SDFixSafe Mode:Checking Services: Restoring Windows Registry ValuesRestoring Windows Default Hosts FileRebooting...Normal Mode:Checking Files: Trojan Files Found:C:\WINDOWS\system32\scvhost - DeletedRemoving Temp Files...ADS Check:C:\WINDOWSNo streams found. C:\WINDOWS\system32No streams found. C:\WINDOWS\system32\svchost.exeNo streams found. C:\WINDOWS\system32\ntoskrnl.exeNo streams found. Final Check:catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-12-29 16:05:56Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 19Remaining Services:------------------Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Ã¦Torrent""C:\\Program Files\\Common Files\\NEWS 3 NOW\\TrueWeather.exe"="C:\\Program Files\\Common Files\\NEWS 3 NOW\\TrueWeather.exe:*:Enabled:TrueWeather""C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger""C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM""C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:Utility for RuneScape""C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"Remaining Files:---------------File Backups: - C:\DOCUME~1\Nathan\Desktop\SDFix\backups\backups.zipFiles with Hidden Attributes:Sun 14 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"Fri 14 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"Fri 14 Dec 2007 8,913,016 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ddfe46b45214573a0c1029d3fb2d13c\BITF.tmp"Finished! ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, December 29, 2007 9:46:44 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 29/12/2007 Kaspersky Anti-Virus database records: 500065-------------------------------------------------------------------------------Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: trueScan Target - My Computer: A:\ C:\ D:\Scan Statistics: Total number of scanned objects: 70696 Number of viruses found: 1 Number of infected objects: 1 Number of suspicious objects: 0 Duration of the scan process: 02:32:43Infected Object Name / Virus Name / Last ActionC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skippedC:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skippedC:\Documents and Settings\Billy\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skippedC:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skippedC:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\cert8.db Object is locked skippedC:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\history.dat Object is locked skippedC:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\key3.db Object is locked skippedC:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\parent.lock Object is locked skippedC:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\search.sqlite Object is locked skippedC:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\urlclassifier2.sqlite Object is locked skippedC:\Documents and Settings\Nathan\Cookies\index.dat Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\Cache\_CACHE_001_ Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\Cache\_CACHE_002_ Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\Cache\_CACHE_003_ Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\xc7t15a4.default\Cache\_CACHE_MAP_ Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\Nathan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\Nathan\NTUSER.DAT Object is locked skippedC:\Documents and Settings\Nathan\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skippedC:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skippedC:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skippedC:\System Volume Information\_restore{058AE4F6-965F-4400-83F0-2086E5BA0FD9}\RP199\A0050814.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skippedC:\System Volume Information\_restore{058AE4F6-965F-4400-83F0-2086E5BA0FD9}\RP203\change.log Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\1394bus.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\1b1fxj77.zip Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\61883.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\731jvrlv.dat Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\7drpb9br.zip Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\access.cpl Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\accessor.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\accwiz.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\acgenral.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\aclayers.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\aclua.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\aclui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\acpi.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\activeds.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\actmovie.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\actshell.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\acverfyr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adcjavas.inc Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adcvbs.inc Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\admin.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\admin.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\admparse.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adojavas.inc Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adovbs.inc Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adsldp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\adsnt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\advapi32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\advpack.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\aec.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\afd.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agentanm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agentctl.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agentsr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agtctl15.tlb Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agtintl.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\agtscrpt.js Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ahui.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\alg.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\amdk6.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\amdk7.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\amstream.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\apphelp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\apphelp.sdb Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\apph_sp.sdb Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\apps.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\apps_sp.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\appwiz.cpl Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\arial.ttf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\arialbd.ttf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\arp1394.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\asctrls.ocx Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\asferror.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\asfsipc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\at.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atapi.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ati2dvaa.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ati2dvag.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ati2mtaa.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ati2mtag.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ati3d1ag.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ati3d2ag.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atiixpaa.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atiixpag.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinbtxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinmdxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinpdxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinraxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinrvxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinsnxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinttxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atintuxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinxbxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atinxsxx.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atiradn1.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ativdaxx.ax Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ativmvxx.ax Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atixpwdm.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atl.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atm.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atmadm.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atmfd.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atmlane.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\atmlib.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\au.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\author.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\author.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\authz.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\autochk.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\autoconv.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\autofmt.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\autolfn.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\avc.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\avifil32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\basesrv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\batmeter.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\batt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bda.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bda.inf.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bdaplgin.ax Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bdasup.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bidispl.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\biosinfo.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bitsprx2.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bitsprx3.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\bridge.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\browselc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\browser.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\browseui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\browseui.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\browsewm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cabinet.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cabview.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\callcont.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\callcont.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\camocx.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\catsrv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ccdecode.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cdfs.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cdfview.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cdm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cdosys.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cdrom.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\certcli.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\certmgr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cewmdm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\chajei.ime Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cimwin32.mfl Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cimwin32.mof Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cintime.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cintsetp.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ciodm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ciodm.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cisvc.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\classpnp.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cliconfg.rll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\clusapi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\clzr1v5v.zip Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmd.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmprops.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmstp.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cmutil.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cnbjmon.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\colbact.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comadmin.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comadmin.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comctl32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comctl32.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comexp.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comic.ttf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\compact.wmz Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\compatui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\compstui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comrepl.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comres.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\comuid.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\conf.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\conime.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\connected_data.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\connected_fr.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\connected_multiple.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\connected_networks.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\connected_wizard.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\corpol.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cpanel.chq Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cplexe.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cpu.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\credui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\crusoe.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\crypt32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cryptext.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cryptui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cscdll.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cscript.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\cscui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\csrss.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\custsat.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\d3d8.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\d3d8.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\d3d9.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\danim.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dao360.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dataclen.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dataspec.xml Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\datetime.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\davclnt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\daxctle.ocx Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dayi.ime Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dcache.bin Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dcap32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dciman32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ddraw.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ddraw.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\default.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\defltwk.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\defrag.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\desk.cpl Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\devenum.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\devmgr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\devxprop.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dgnet.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dhtmled.ocx Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dialer.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\diantz.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\digest.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dinput.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dinput.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dinput8.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dinput8.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\directdb.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\disk.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\diskdump.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\diskpart.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dlimport.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dllhost.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmband.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmband.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmboot.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmdskmgr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmime.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmime.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmio.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmloader.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmloader.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmremote.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmscript.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmscript.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmserver.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmsynth.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmusic.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmusic.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmusic.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dmutil.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\docprop2.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dosx.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpcdll.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dplayx.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpmodemx.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnaddr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnet.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnet.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnlobby.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpup.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpvacm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpvvox.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drmclien.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drmk.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drmstor.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drmv2clt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drprov.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drvindex.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\drvmain.sdb Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ds32gt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsdmo.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsdmoprp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dshowext.ax Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dskquota.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dskquoui.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsound.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsound3d.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsprop.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsprpres.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsquery.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dssec.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dssenh.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dsuiext.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dswave.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dtsgnup.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dumprep.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\duser.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dwup.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dwwin.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dx7vb.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dx8vb.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxdiagn.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxg.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxmasf.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxmrtp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\els.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\encapi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\encapi.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\encdec.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\error.js Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ersvc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\es.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\es.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\esent.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\esscli.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\evconcepts.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\eventlog.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\evntagnt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\evntwin.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\explorer.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\expsrv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\extrac32.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fastfat.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fastprox.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\faultrep.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\faxpatch.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fdc.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\feclient.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\filefold.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\filelist.xml Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\filelist.xml.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\file_srv.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\findstr.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fontext.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fontview.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\footer.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4.cat Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp40ext.cab Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp40ext.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpcount.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpencode.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\framebuf.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\framedyn.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ftp.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxscom.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxscover.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsocm.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsres.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsst.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxst30.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\gameenum.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\gckernel.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\gdi32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\gdi32.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\glu32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\grpconv.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\guitrn.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\guitrn_a.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\h323.tsp Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\h323cc.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\h323msp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hal.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hal.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\halaacpi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\halacpi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\halapic.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\halmacpi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\halmps.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hardware.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hccoin.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hdwwiz.cpl Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\helpctr.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\helpctr.exe.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hh.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hh.exe.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hid.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hidclass.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hiddigi.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hidir.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hidparse.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hidphone.tsp Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hidserv.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hidserv.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hostmib.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hotplug.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\howto.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hschelp.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hscupd.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hscxpsp1.cab Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\html32.cnv Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\htui.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hvxzv93t.dat Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xnt5.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xnt5.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwfp0.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwfp1.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwfp2.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwfp3.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwfp4.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwtv0.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwtv1.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwtv2.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwtv3.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\i81xwtv4.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iac25_32.ax Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iasrad.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icaapi.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iccvid.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icm32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icm32.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icmp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iconlib.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ics.htm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwconn.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwdial.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwdl.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\icwutil.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\idq.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ie.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ieaccess.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ieaksie.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iedkcs32.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iepeers.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iepeers.dll.000 Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iernonce.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iesetup.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ieuinit.inf Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iexplore.chm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iexplore.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iexpress.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ifmon.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\iis.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\ils.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\imaadp32.acm Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\imapi.exe Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\imapi.sys Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\imekr61.ime Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall$\imekrmbx.dll Object is locked skippedC:\WINDOWS\$NtServicePackUninstall�

guestolo · « **Reply #8 on:** December 30, 2007, 12:46:14 AM »

'Try the following

Go to the following link
http://www.billsway.com/vbspage/
Scroll down the page
and download the "Registry Search Tool"
Unzip RegSrch.zip to the desktop
Double click on RegSrch.vbs

**If you get a warning from your Anti Virus please ignore it and allow this to run.**
When it starts, you will be prompted to enter a search phrase.
Enter this:

3B756828-EAD6-1F2E-0400-040407070500

Click OK, it will disappear and won't look as if it's doing anything. When it's done searching, a prompt will come up saying how many instances it found. Click OK, and a notepad will open up. Please copy the contents of that notepad and paste it here.

satin · « **Reply #9 on:** December 30, 2007, 12:25:19 PM »

am i almost done with this whole process?...

satin · « **Reply #10 on:** December 30, 2007, 12:31:08 PM »

REGEDIT4
; RegSrch.vbs Â© Bill James

; Registry search results for string "3b756828-ead6-1f2e-0400-040407070500" 12/30/2007 12:26:40 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B756828-EAD6-1F2E-0400-040407070500}]

[HKEY_USERS\S-1-5-21-3529363498-4025279379-689279713-1005\Software\Microsoft\Active Setup\Installed Components\{3B756828-EAD6-1F2E-0400-040407070500}]

guestolo · « **Reply #11 on:** December 30, 2007, 12:31:10 PM »

[quote name=\'satin\' post=\'416090\' date=\'Dec 30 2007, 10:25 AM\']am i almost done with this whole process?...[/quote]

~~Are you or are you not going to do the last reply I posted?~~
I see you now posted it
It's up to you, I'm sorry, you run your computer with no Antivirus software installed
and you get a virus, imagine that
Is this too much for you, let me know and I'll just lock this topic?

guestolo · « **Reply #12 on:** December 30, 2007, 12:38:24 PM »

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

Code: [Select]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B756828-EAD6-1F2E-0400-040407070500}]

[-HKEY_USERS\S-1-5-21-3529363498-4025279379-689279713-1005\Software\Microsoft\Active Setup\Installed Components\{3B756828-EAD6-1F2E-0400-040407070500}]

Double click on fix.reg and allow to add/merge to the registry at the prompt

Running Kaspersky online scan is not the same as having your own AV software actively protecting your computer

I suggest that you install a free one if you don't have one to install
ONLY install one, more than one can, and will cause conflicts
Try AVG7 free from this link
AVG 7 by Grisoft

After you install and update I would run it's scan
Come back here and let me know how things are running

NOTE: You could use with adding more system Memory (Ram)

satin · « **Reply #13 on:** December 30, 2007, 01:23:01 PM »

Thanks, so maybe you should keep this unlocked..just so that after i scan i can give you heads up on stuff

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'

\' /> thanks for everything by the way

satin · « **Reply #14 on:** December 30, 2007, 04:12:34 PM »

hey, did a full scan, no threats or anything where found, thanks

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #15 on:** December 30, 2007, 05:15:22 PM »

[quote name=\'satin\' post=\'416208\' date=\'Dec 30 2007, 02:12 PM\']hey, did a full scan, no threats or anything where found, thanks

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'

\' />[/quote]

Good work
Can you supply me with one last fresh hijackthis log and I'll give you some final recommendations

satin · « **Reply #16 on:** December 30, 2007, 05:31:13 PM »

Here is that log you asked for.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:32 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192410379513
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4745 bytes

guestolo · « **Reply #17 on:** December 30, 2007, 06:04:12 PM »

One orphan entry to remove
Do a "System scan only" with Hijackthis and put a check next to this entry

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

I see you have "Viewpoint Manager" installed
It usually get's installed unknowing with products such as AIM
I recommend uninstalling it from Add/remove programs
There may be more than one entry related to Viewpoint in add/remove
Remove them all
I do see Viewpoint Media Player, so ensure you uninstall it

Afterwards, reboot the computer if prompted

Delete fix.reg from desktop

If everything is running fine
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
Windows will prompt when it was created successfully

When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

Just some final steps
Go to START>>RUN>>Copy then paste the next command below in bold
Then hit OK

combofix /u

This will uninstall combofix and it's components

Let's remove other tools we used earlier
Download this tool:
[color=\"blue\"]OTMoveIt[/color] by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer, don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now

NOTE: This procedure will also delete OTMoveit.exe from desktop

I suggest that you add SpywareBlaster to your protection software
this program does NOT need to run in the background to supply protection
SpywareBlaster 3.5.1 by JavaCool

After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Also, check and download updates with Spybot
Ensure to use the Immunize feature after every update

NOTE: Hold onto AVG, it will randomly run a scan on your computer periodically
This is controlled in the scheduled tasks
Ensure to leave Updater task enabled

I'm not sure of the make/model of the computer
But it probably wouldn't hurt to purchase another 256mb Ram and install it
Should help improve the speed of the computer

Hope that helps

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

satin · « **Reply #18 on:** December 30, 2007, 07:35:01 PM »

i know:(..about the ram thing.. anyways, thank you super much for the help, so my comp should go a little faster now?

guestolo · « **Reply #19 on:** December 30, 2007, 07:51:12 PM »

[quote name=\'satin\' post=\'416352\' date=\'Dec 30 2007, 05:35 PM\']i know:(..about the ram thing.. anyways, thank you super much for the help, so my comp should go a little faster now?[/quote]

I would opt to get more Ram, that should help it get a bit faster
Besides that, your log is clean

News:

Author Topic: Computer is going slow:( (Read 2229 times)