What is devldr32.exe??

TrevTrev California
edited February 2007 in Spyware & Virus Removal
ok so when i try to turn off my computer it pops up with ending program devldr. But whatever that program is it never ends. so my computer just sits there trying to end that program and it never happens. so i went into msconfig and turned off a startup item called point32. Now my computer rarely does the ending program devldr. but every once in a while it will and then i have to manually turn off my computer.

Does anyone know what this is and why it will not end?
and why the startup item called point32 has anything to do with it?

Comments

  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    Hi Trev,

    devldr32.exe is part of sound card software from Creative, and point32 (and I'm assuming it's point32.exe) is a microsoft file that deals with its intellimouse. I'm not sure why or even how those two would interact with each other. You should post this in the hardware forum to see if anyone there could help. If you would like you could post a hijack this log and we could take a look to make sure you're clean. Let me know what you would like to do.
  • TrevTrev California
    edited February 2007
    Hi skywalker, Thanks for your help
    I dont know what a hijack this log is?
    What do I do?
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    Here you go:

    Click here to download HJTsetup.exe. Save it to your Desktop!
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    • Copy and paste the log here
    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  • TrevTrev California
    edited February 2007
    when i first treid to run it it came up with a bunch of warnings??
    But when it was done giving me warnings it gave me this

    Logfile of HijackThis v1.99.1
    Scan saved at 5:43:18 PM, on 2/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for ¼æx: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    Hi Trev. A couple of things going on here. One is I don't see any Anti-Virus software running in your log nor a firewall. Please download and installing one of the following free Anti-Virus products and install it:

    Next download and install one of these free firewalls:

    It really doesn't matter which ones you choose but you really need to do it. Once you've done that please follow these instructions:
    • Download this file - combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log for you. Post that log in your next reply. If the log does not open automatically it can be found in C:\combofix.txt

      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

    Post back with the combofix log and a fresh Hijack This log.
    :)
  • TrevTrev California
    edited February 2007
    I downloaded avast. it seems to work great!
    Then i tried to download zonealarm and it gave me this message:
    "C:\Documents and Settings\Trevr\Local Settings\Temporary Internet Files\Content.IES\yjuj2DUN\zlsSetup_70_302_000_en[1].exe" is not a valid win32 application
    I dont know what that message means.

    then i downloaded the combofix.exe but i forgot to restart my computer after i downloaded avast. I dont know if that makes any difference. If it does than i can run it again.
    when i ran the program the scan only took like a total of 2 mins



    "Trevr" - 07-02-13 15:57:56 Service Pack 1
    ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Trevr\Desktop"

    /wow section not completed - STAGE #4

    ((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


    2007-02-13 15:27 94,424 --a
    C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-02-13 15:27 90,112 --a--c--- C:\WINDOWS\system32\AVASTSS.scr
    2007-02-13 15:27 85,952 --a
    C:\WINDOWS\system32\drivers\aswmon.sys
    2007-02-13 15:27 689,280 --a--c--- C:\WINDOWS\system32\aswBoot.exe
    2007-02-13 15:27 43,176 --a
    C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-02-13 15:27 31,560 --a
    C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-02-13 15:27 23,352 --a
    C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-02-11 17:41 <DIR> d
    C:\Program Files\Hijackthis
    2007-02-04 01:00 <DIR> d----c--- C:\DOCUME~1\Trevr\Application Data\Flock
    2007-02-04 01:00 <DIR> d
    C:\Program Files\Flock
    2007-01-21 11:46 <DIR> d----c--- C:\DOCUME~1\Trevr\Shared
    2007-01-21 11:46 <DIR> d----c--- C:\DOCUME~1\Trevr\Incomplete
    2007-01-21 11:44 <DIR> d
    C:\Program Files\LimeWire
    2007-01-21 11:44 <DIR> d
    C:\Program Files\Java
    2007-01-21 11:44 <DIR> d
    C:\Program Files\Common Files\Java
    2007-01-21 11:43 <DIR> d----c--- C:\DOCUME~1\Trevr\.limewire
    2007-01-21 11:12 <DIR> d
    C:\Program Files\FreeRIP2
    2007-01-21 00:59 <DIR> d
    C:\Program Files\PCPitstop
    2007-01-20 23:23 <DIR> d
    C:\Program Files\Audacity
    2007-01-19 12:53 51,056 --a
    C:\WINDOWS\system32\sirenacm.dll
    2007-01-17 17:02 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
    2007-01-17 16:48 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Napster
    2007-01-15 13:58 444 --a
    C:\WINDOWS\system32\d3d8caps.dat


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-08 20:45
    d
    C:\Program Files\msn messenger
    2007-02-04 11:57
    d
    C:\Program Files\Common Files\adobe
    2007-02-04 03:20
    d
    C:\Program Files\Common Files\installshield
    2007-02-04 01:00
    d----c--- C:\DOCUME~1\Trevr\Application Data\mozilla
    2007-01-17 16:54
    d--h
    C:\Program Files\installshield installation information
    2007-01-14 00:48
    d----c--- C:\DOCUME~1\Trevr\Application Data\macromedia
    2007-01-09 19:50
    d----c--- C:\DOCUME~1\Trevr\Application Data\adobe
    2007-01-09 18:16 664 --a
    C:\WINDOWS\system32\d3d9caps.dat
    2007-01-07 13:11
    d
    C:\Program Files\creative
    2007-01-03 01:40
    d
    C:\Program Files\online services
    2007-01-03 01:38
    d----c--- C:\DOCUME~1\Trevr\Application Data\msn6
    2007-01-02 19:34
    d----c--- C:\DOCUME~1\Trevr\Application Data\lavasoft
    2007-01-02 19:34
    d
    C:\Program Files\lavasoft
    2007-01-02 02:35
    d----c--- C:\DOCUME~1\Trevr\Application Data\opera
    2007-01-01 17:20 20640
    C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-01-01 17:20 109568
    C:\WINDOWS\system32\pxinsi64.exe
    2007-01-01 17:20 108544
    C:\WINDOWS\system32\pxcpyi64.exe
    2006-12-26 18:57
    d
    C:\Program Files\viewpoint
    2006-12-26 18:56 335 --a--c--- C:\WINDOWS\nsreg.dat
    2006-12-22 15:48
    d---sc--- C:\DOCUME~1\Trevr\Application Data\microsoft
    2006-12-18 20:00
    d
    C:\Program Files\irfanview


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
    "backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\KODAK\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
    "item"="Kodak software updater"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="apdproxy"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="aim6"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AHQTB"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bargains"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="point32"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lxbkbmgr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed racer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTSRReg"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Creative\\PlayCenter\\CTSRReg.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrustyHound-TS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TrustyHound-TS"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TrustyHound-TS\\TrustyHound-TS.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="type32"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Updreg"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\Updreg.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="YAHOOM~1"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=dword:00000002
    "iPod Service"=dword:00000003
    "IDriverT"=dword:00000003
    "Creative Service for CDROM Access"=dword:00000002
    "AdobeActiveFileMonitor5.0"=dword:00000002
    "Spooler"=dword:00000002
    "WmdmPmSN"=dword:00000003


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-13 15:59:01



    I just got done restarting my computer and here is the hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 4:38:37 PM, on 2/13/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for ¼æx: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    I also found out what was wrong with devldr.exe. it had to do with creative sound

    By the way thank you so much for all your help!
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    No problem.
    :)

    Give me some time to go over the combofix log and we'll continue.
  • TrevTrev California
    edited February 2007
    have you taken a look at the log yet?
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    Sorry about the delay Trev. I would like to see a different kind of log from Hijack This. Please follow the instructions below:
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button. It will open a Notepad file.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your in your next post.
  • TrevTrev California
    edited February 2007
    Ad-aware 6 Personal
    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 2.1
    Adobe Photoshop Elements 5.0
    Adobe Reader 6.0.1
    Adobe Shockwave Player
    ALi USB2.0 Driver
    Audacity 1.2.6
    avast! Antivirus
    CardRd81
    CCScore
    CR2
    FreeRIP v2.951
    Hijackthis 1.99.1
    HijackThis 1.99.1
    J2SE Runtime Environment 5.0 Update 8
    Kodak EasyShare software
    KSU
    LimeWire 4.12.6
    Microsoft Office 2000 Professional
    QuickTime
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905495)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924496)
    SFR
    Sound Blaster Live! Value
    Update for Windows XP (KB835409)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Viewpoint Media Player
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB833987
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB840987
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB842773
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB871250
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891711
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Hotfix - KB918439
    Windows XP Hotfix - KB918899
    Windows XP Hotfix - KB925486
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    Hi Trev. That looks good. I need to work up a registry fix file for you and I'll post it tonight.
    :)
  • TrevTrev California
    edited February 2007
    ok no need to rush.
    thanks skywalker!
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    I don't see any evidence of active malware in your HJT logs but the combofix log revealed a registry entry of Bulls Eye Network. This is Bargain Buddy adware that's likely dead in your machine but there's no need not to fix the registry. I can't be sure this is what is causing your problem with devldr32.exe and there are some dead entries in the HJT log that we'll fix after this. Now open Notepad and copy and paste all the text below into the Notepad window:
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]

    Save the file to your desktop as regfix.reg. In the save as files of type field choose all files. Note that you must do this in order for the file to work.

    Close Notepad then locate regfix.reg on your desktop. Double click on the file. It will ask you if you want to allow this file to merge with the registry. Please click OK to allow this change.

    Afterward please run Hijack This again and have it do a system scan only. Put a check (tick) next to the following entry:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Afterward please reboot the PC and post a fresh Hijack This log.
  • TrevTrev California
    edited February 2007
    did you want me to push fix checked?
    I dont think it did anything. because i didnt push fix checked.
    but here is the log.
    Also im pretty sure devldr32.exe has to do with creative sound that i have...


    Logfile of HijackThis v1.99.1
    Scan saved at 5:55:05 PM, on 2/22/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for ¼æx: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    Yes Trev, I'm sorry. Please run Hijack This again and this time click Fix Checked then post another Hijack This log.
    :)
  • TrevTrev California
    edited February 2007
    Here you go:)


    Logfile of HijackThis v1.99.1
    Scan saved at 3:54:10 PM, on 2/24/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for ¼æx: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  • TrevTrev California
    edited February 2007
    Hey skywalker I read A thread about combofix
    Please take a look
    I dont know if i can post links but let me try
    If it works click<A HREF="http://www.short-media.com/forum/showthread.php?t=54508">Here</A&gt;
  • TrevTrev California
    edited February 2007
    no it didnt work just coppy this into your browser
    http://www.short-media.com/forum/showthread.php?t=54508
  • skywalker45skywalker45 Bloomington, IN. USA
    edited February 2007
    Yeah, that was before this problem with ComboFix arose. We're OK, no worries. Your log looks much better. How is the PC running? If you still have problems with devldr I might recommend to reinstall the sound card drivers if possible.
  • TrevTrev California
    edited February 2007
    it runs pretty good but not as fast as it used to..
    is it possible that i still have a virus?
    And I have that firewall now..
    for some reason i could not download it before.
    It works great!

    i also downloaded kaspersky and i did a scan but there were tons and tons of unscannable files. like locked files or something most of them are songs that are not even in my computer??
    There are so many of them that i cant even fit them in this post so i will just post a few of them.
    Maybe you can help?


    KASPERSKY ONLINE SCANNER REPORTKASPERSKY ONLINE SCANNER REPORT
    Sunday, February 25, 2007 10:09:53 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build
    2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 26/02/2007
    Kaspersky Anti-Virus database records: 273370


    Scan Settings
    Scan using the following antivirus databaseextended
    Scan Archivestrue
    Scan Mail Basestrue

    Scan TargetMy Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects39648
    Number of viruses found0
    Number of infected objects0 / 0
    Number of suspicious objects0
    Duration of the scan process01:55:35

    Infected Object NameVirus NameLast Action
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked
    skipped

    C:\Documents and Settings\LocalService\Local Settings\Application
    Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application
    Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local
    Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
    Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped


    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
    skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application
    Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application
    Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
    skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
    skipped

    C:\Documents and Settings\Trevr\Cookies\index.dat Object is locked skipped


    C:\Documents and Settings\Trevr\Local Settings\Application
    Data\Microsoft\Messenger\rosted69@hotmail.com\SharingMetadata\Logs\Dfsr00005.log
    Object is locked skipped

    C:\Documents and Settings\Trevr\Local Settings\Application
    Data\Microsoft\Messenger\rosted69@hotmail.com\SharingMetadata\pending.dat
    Object is locked skipped

    C:\Documents and Settings\Trevr\Local Settings\Application
    Data\Microsoft\Messenger\rosted69@hotmail.com\SharingMetadata\Working\database_238_E026_38E0_1A85\dfsr.db
    Object is locked skipped

    C:\Documents and Settings\Trevr\Local Settings\Application
    Data\Microsoft\Messenger\rosted69@hotmail.com\SharingMetadata\Working\database_238_E026_38E0_1A85\fsr.log
    Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\16 Jam-Master Jay.wma Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\17 Down With the King.wma Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\18 Christmas in Hollis.wma Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\AlbumArtSmall.jpg Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\AlbumArt_{D6C581DF-22F3-43B2-ADD4-FCE8A69A7656}_Large.jpg Object is
    locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\AlbumArt_{D6C581DF-22F3-43B2-ADD4-FCE8A69A7656}_Small.jpg Object is
    locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\desktop.ini Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1039.C\Greatest
    Hits\Folder.jpg Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\Balance
    Sheet.xls Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\Dictionaries\MyWords.dct
    Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\NSE
    letter.doc Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\Paper
    1.rtf Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\Templates\To
    Do(1).pwi Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\Templates\Zager
    Guitar Library.pwi Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\Thumbs.db
    Object is locked skipped

    C:\RECYCLER\S-1-5-21-1275210071-746137067-1957994488-1004\Dc1074\unrwifi.exe
    Object is locked skipped

    C:\System Volume
    Information\_restore{5455FA6F-C8E2-4749-AD05-20EF065F29FB}\RP140\change.log
    Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
    skipped

    C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped
Sign In or Register to comment.