Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91979 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Many problems


  • This topic is locked This topic is locked
27 replies to this topic

#1 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 18 March 2007 - 03:29 AM

There seems to be a lot of different things wrong. My computer seems to be going a lil haywire, and I was hoping someone could help. I've done Ad-aware, Spybot, AVG, and the ATF Cleaner. Here are the logs, and I can be more descriptive of what is happening after someone has posted. Thanks.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:00:28 AM 3/18/2007

+ Scan result:



C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047306.exe -> Adware.DownloadWare : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047312.exe -> Adware.Exact : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047313.exe -> Adware.MDH : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047330.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047304.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047318.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047307.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047319.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP466\A0047719.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0060012.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047299.exe -> Backdoor.Delf.avh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047300.exe -> Backdoor.Delf.avh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047317.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047321.exe -> Downloader.Agent.aef : Cleaned with backup (quarantined).
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe1174110493 -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP461\A0046110.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP461\A0046111.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP461\A0046112.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP461\A0046113.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP461\A0046114.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP461\A0046115.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP461\A0046167.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047267.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047961.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047962.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047963.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047965.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047966.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047971.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047974.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047978.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bak\lsasss.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047273.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047298.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047305.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047316.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047324.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047320.exe -> Downloader.Small.crd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047323.dll -> Downloader.Small.crd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047309.exe -> Downloader.Small.cyn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047322.dll -> Downloader.Small.cyn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047325.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047271.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047315.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047326.exe -> Downloader.Small.dzd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047310.dll -> Downloader.Small.dzf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047302.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047308.exe -> Dropper.Small.atw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP453\A0043847.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP454\A0043870.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP455\A0044794.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP456\A0044804.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP456\A0045794.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP457\A0045796.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP458\A0045805.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP458\A0045820.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP458\A0045853.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP459\A0045879.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP459\A0045889.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047977.dll -> Proxy.Agent.jk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047329.exe -> Proxy.Dlena.ax : Cleaned with backup (quarantined).
C:\WINDOWS\system32\koos.exe -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kprof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\WINDOWS\system32\poof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
[224] C:\Documents and Settings\All Users\Documents\Settings\partnership.dll -> Proxy.Xorpix.bc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\ip6fw.sys -> Rootkit.Agent.dp : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Gary Keipper\Application Data\Mozilla\Firefox\Profiles\r77q3dwm.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.12:C:\Documents and Settings\Brad Keipper\Application Data\Mozilla\Firefox\Profiles\ajbeth58.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.37:C:\Documents and Settings\Brad Keipper\Application Data\Mozilla\Firefox\Profiles\ajbeth58.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.38:C:\Documents and Settings\Brad Keipper\Application Data\Mozilla\Firefox\Profiles\ajbeth58.default\cookies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0054011.dll -> Trojan.Agent.afg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP468\A0049009.dll -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0054012.dll -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0054013.dll -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\update2.exe -> Trojan.Agent.bou : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047328.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047301.dll -> Trojan.LuckyBar888.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047303.dll -> Trojan.LuckyBar888.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047311.sys -> Trojan.PdPinch.bs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047314.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047331.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047327.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047269.exe -> Worm.Nuwar.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047270.exe -> Worm.Nuwar.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047272.exe -> Worm.Nuwar.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP462\A0047332.exe -> Worm.Nuwar.i : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 5:20:10 AM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Documents and Settings\Jeremy Keipper\ie_updater.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Bit Comet\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {946a18ee-f66c-4631-8f24-388828de2e45} - C:\WINDOWS\system32\audctm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\system.dll (file missing)
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\tmp24.tmp.dll (file missing)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\nnonnl.dll",setvm
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll
O20 - Winlogon Notify: audctm - C:\WINDOWS\SYSTEM32\audctm.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ieupdater21 (Microsoft IEUpdater21) - Unknown owner - C:\Documents and Settings\Jeremy Keipper\ie_updater.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Advertisements

Register to Remove


#2 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 19 March 2007 - 03:20 AM

Hi Klois,

I'm Gary R, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


First update AVG Anti-Spyware to the latest definitions.

We need to remove a service.
  • Click Start > Run now type sc stop "Microsoft IEUpdater21" click OK.
  • Click Start > Run now type sc delete "Microsoft IEUpdater21" click OK.
Note: There is a space between sc and stop/delete, and a space between stop/delete and "Microsoft IEUpdater21", also a space between Microsoft and IE.

Now run a scan with HJT and check the following items (if found).

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Bit Comet\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: (no name) - {946a18ee-f66c-4631-8f24-388828de2e45} - C:\WINDOWS\system32\audctm.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\system.dll (file missing)
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\tmp24.tmp.dll (file missing)

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\nnonnl.dll",setvm
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab

O20 - AppInit_DLLs:
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll
O20 - Winlogon Notify: audctm - C:\WINDOWS\SYSTEM32\audctm.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)

O23 - Service: ieupdater21 (Microsoft IEUpdater21) - Unknown owner - C:\Documents and Settings\Jeremy Keipper\ie_updater.exe


Close all open Windows and click Fix Checked to remove them.

Make sure that you can see hidden files and folders.
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Uncheck Hide protected operating system files a pop up will appear, answer Yes
  • Click OK.
Reboot your computer into Safe Mode
  • If your computer is running, shut down Windows, then turn the power off.
  • Wait 30 seconds, then turn the computer on, and begin tapping the F8 key.
  • The Windows Advanced Options Menu appears. (If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again).
  • Select Safe Mode using the up/down arrow keys.
  • Press Enter.
  • Log on with an account that has administrator priviledges (NOT the account named Administrator).
Now find and delete the following files (in bold).

C:\WINDOWS\system32\audctm.dll
C:\WINDOWS\nnonnl.dll
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\system32\a3dxq.dll
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
C:\Documents and Settings\Jeremy Keipper\ie_updater.exe


CAUTION: Be careful when deleting the file lsasss.exe, there is a legitimate file lsass.exe which is essential to your computer (note the extra s in the rogue file). If in doubt, right click the file and check its properties, the legit file should be signed by Microsoft. If in any doubt do not delete it, let me know.

Let me know of any problems.

Run a scan with AVG.
  • Click on Scanner
    • Click on the Settings tab, and set the following settings.
      • How to act
      • Click on Recommended actions, and set to Quarantine.
    • How to scan
      • Check all options.
    • Possibly unwanted software.
      • Check all options.
    • Reports
      • Check Automatically generate report after every scan.
      • Uncheck Only if threats were found.
    • What to scan
      • Check Scan every file.
  • Click on the Scan tab.
    • Click on Complete System Scan and the scan will begin.
    • When the scan has finished
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the Apply all Actions button.
Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

REBOOT INTO NORMAL MODE.

Send me the new AVG log and a new HJT log please.

Edited by Gary R, 19 March 2007 - 03:48 AM.

Gary R

Posted Image

#3 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 19 March 2007 - 08:21 PM

Sorry, this website or maybe its the internet explorer, they keep making my screen turn black, or maybe its completely unrelated =/ I double posted the next post twice, so I'm explaining in this post. I wanted to make sure I got it posted, so I kept hitting the button. I'm sorry. Also, I didn NOT do the AVG or Hijack this scan in safe mode. I did the scan once in safe mode and realized I didn't take any action against the things it found, so I just redid it in normal mode. Once again, sorry for the 2 posts.

Edited by klois, 19 March 2007 - 08:25 PM.


#4 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 19 March 2007 - 08:21 PM

These Files I Couldn't Find

C:\WINDOWS\nnonnl.dll
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

I have more than one user on this computer. This is also my 3rd attempt
at replying. My computer screen keeps going black whenever I attempt to reply.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:14:40 PM 3/19/2007

+ Scan result:



C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0062029.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062082.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0063097.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0060016.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0060017.exe -> Proxy.Wopla.ag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0061028.sys -> Rootkit.Agent.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062050.sys -> Rootkit.Agent.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062061.sys -> Rootkit.Agent.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062070.sys -> Rootkit.Agent.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062074.sys -> Rootkit.Agent.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062095.sys -> Rootkit.Agent.dp : Cleaned with backup (quarantined).
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Gretchen Keipper\Cookies\gretchen keipper@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Cookies\jeremy keipper@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jeremy Keipper\Local Settings\Temporary Internet Files\Content.IE5\SJARK325\macme20070305[1] -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0060018.exe -> Trojan.Agent.bou : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:15:41 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {946a18ee-f66c-4631-8f24-388828de2e45} - C:\WINDOWS\system32\audctm.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#5 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 20 March 2007 - 01:07 AM

Hi Klois,

OK, your HJT log looks much better, however you appear to have missed one entry.

Run a scan with HJT and check the following entry.

O2 - BHO: (no name) - {946a18ee-f66c-4631-8f24-388828de2e45} - C:\WINDOWS\system32\audctm.dll (file missing)


Click Fix Checked to remove it.

Can't see anything that should be causing the black screen problem, so lets look a little deeper.

Download GMER and unzip it to your Desktop. (It will create a folder GMER)

Alternate Download Site
  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Open the GMER folder, and double click gmer.exe
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.
Can you send me an Uninstall List and a Startup List please

Creating an Uninstall List
  • Open HJT, and click on Config, followed by Misc Tools.
  • Click on Open Uninstall Manager, and then click on Save List.
  • This will create a file uninstall_list.txt and prompt you to save it to your HJT folder.
  • Save it please.
Creating a Startup List
  • Open HJT, and click on Config followed by Misc Tools.
  • Check List also minor sections (full) and List empty sections (complete) before clicking on Generate StartUpList log.
  • A window will open asking for permission to create a log, answer Yes.
  • Notepad will open a text file, Save it please. By default it will be named startuplist.txt and saved to your HJT folder.
Please do an online scan with Kaspersky Online Scanner

Note: You must be using Internet Explorer as your browser as it will be necessary to install an Active X component to your computer.

Important If you have previously used Kaspersky Online Scanner (before 8th Aug 2006), you will have to uninstall the old version using Add/Remove Programs in Control Panel before you can use the new version.

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan select My Computer.
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post please, along with the other logs I've asked for. (Please post them seperately or they may get cut off by the forum post size limiter).
Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.
Gary R

Posted Image

#6 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 21 March 2007 - 12:28 AM

Okay, I should have gotten the thing i missed with the HJT scan last time. I also dled GMER and tried it a few times and each time, it would work for about 2 minutes and then my screen would turn black, as it did previously when i had trouble posting. Here are my HJT lists that you asked for. 7-Zip 3.13 ABBYY FineReader 4.0 Sprint Ad-aware 6 Personal Adobe Acrobat 5.0 Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 9 ActiveX Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 8 Adobe Stock Photos 1.0 Adobe® Photoshop® Album Starter Edition 3.0 AIM 6.0 AOL Instant Messenger AOpen FM56-SVV Soft PCI Modem ArcSoft PhotoImpression 5 Armored Fist 2 Demo Audacity 1.2.4 AVG Anti-Spyware 7.5 Baseball Mogul 2003 Battle.net Battlefield 1942 Battlefield 1942: The Road To Rome BitComet 0.84 Black and White CallWave CardRd81 ccCommon CCScore Citrix ICA Web Client CleanUp! Common RTP 1.0 CR2 Cypress USB Mass Storage Driver Installation DAEMON Tools DesertCombat 0.7 DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player EA.com Matchup EA.com Update Empire Earth Empire Earth II EPSON CX 4200 4800 Guide EPSON Printer Software EPSON Scan ESSBrwr ESSCDBK ESSCT ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS ESSTUTOR Final Fantasy VII Freelancer GameSpy Arcade General 4.5e Google Toolbar for Internet Explorer HijackThis 1.99.1 HLPIndex HLPPDOCK HLPSFO Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB926239) HyperLoad Internet Worm Protection Iomega Automatic Backup Pro Iomega Product Registration IrfanView (remove only) iTunes J2SE Runtime Environment 5.0 Update 6 Kazaa Media Desktop 2.1.1 KSU LiveReg (Symantec Corporation) LiveUpdate 3.0 (Symantec Corporation) Logitech Desktop Messenger Logitech Resource Center Mail.com Alert Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Device Emulator version 1.0 - ENU Microsoft Document Explorer 2005 Microsoft Document Explorer 2005 Microsoft Office XP Professional with FrontPage Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft SQL Server 2005 Mobile [ENU] Developer Tools Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual Basic .NET Standard 2003 - English Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual Studio 2005 Professional Edition - ENU Mozilla Firefox (1.0.7) MSN Gaming Zone MSN Internet Software MSN Messenger 7.5 MSXML 4.0 SP2 (KB927978) MSXML 6.0 Parser (KB927977) MSXML4 Parser NAVShortcut Nero - Burning Rom Network Play System (Patching) NetZero HiSpeed (remove only) NetZero Internet Norton AntiVirus (Symantec Corporation) Norton AntiVirus 2006 Norton AntiVirus Help Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton Protection Center Norton WMI Update Notifier NVIDIA Windows 2000/XP Display Drivers OTtBP OTtBPSDK Outerinfo PeerGuardian 2.0 Project64 1.6 QuickTime Raptor Chat 2001 Beta RealPlayer RGSS-RTP Standard Risk 2 RPGXP Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Microsoft .NET Framework 2.0 (KB922770) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929969) SHASTA Shockwave Sid Meier's Alpha Centauri SiS 900 PCI Fast Ethernet Adapter Driver SiS Audio Driver SKIN0001 SPBBC Spybot - Search & Destroy 1.4 Starcraft StarForge StarForge (C:\Program Files\StarForge\) SwiftSwitch Symantec TeamSpeak 2 RC2 The Battle for Middle-earth ™ The Movies™ The Sims 2 The Sims 2 Glamour Life Stuff The Sims 2 Nightlife TurboTax Deluxe 2005 TurboTax ItsDeductible 2005 Ulead Photo Explorer 7.0 SE Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB929338) Update for Windows XP (KB931836) USB Storage Adapter FX (SM1) Viewpoint Media Player WCS Client WexTech AnswerWorks Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows SR 2.0 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinRAR archiver WIRELESS Yahoo! Address AutoComplete Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail

#7 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 21 March 2007 - 12:35 AM

StartupList report, 3/20/2007, 3:30:11 PM
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jeremy Keipper\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
PowerReg Scheduler V3.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nwiz = nwiz.exe /install
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
DAEMON Tools-1033 = "G:\daemon.exe" -lang 1033
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

DJSNetCN = C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
EPSON Stylus CX4800 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
SpyHunter = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
spc_w = "C:\Program Files\NZSearch\nzspc.exe" -w
Aim6 = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\NetZero\qsacc\x1IEBHO.dll - {52706EF7-D7A2-49AD-A615-E903858CF284}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Run Full System Scan - Jeremy Keipper.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Yahoo! Checkers]
CODEBASE = http://download.game...nts/y/kt4_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Checkers.osd

[Yahoo! Chess]
CODEBASE = http://download.game...nts/y/ct2_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Chess.osd

[Yahoo! Cribbage]
CODEBASE = http://download.game...nts/y/it1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Cribbage.osd

[Yahoo! Dominoes]
CODEBASE = http://download.game...ts/y/dot8_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Dominoes.osd

[Yahoo! Euchre]
CODEBASE = http://download.game...nts/y/et1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Euchre.osd

[Yahoo! Fleet]
CODEBASE = http://download.game...s/y/fltt3_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Fleet.osd

[Yahoo! GoStop]
CODEBASE = http://download.game...ts/y/gst1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! GoStop.osd

[Yahoo! Literati]
CODEBASE = http://download.game...nts/y/tt0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Literati.osd

[Yahoo! Poker]
CODEBASE = http://download.game...nts/y/pt0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Poker.osd

[Yahoo! Pool 2]
CODEBASE = http://download.game...ts/y/pote_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...StatsClient.cab

[InstallShield International Setup Player]
InProcServer32 = c:\windows\DOWNLO~1\isetup.dll
CODEBASE = http://www.napster.c...ient/isetup.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7578.7441319444

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zon...ireShowdown.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: system32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
Kodak Camera Proxy: system32\DRIVERS\DcCam.sys (system)
DcFpoint: system32\DRIVERS\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
Legacy Polling Service: system32\DRIVERS\DcLps.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
dcptp: system32\DRIVERS\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Symantec Licensing Detect Internet Connection: "C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe" (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
EXAMPLE: \??\C:\WINDOWS\system32\main.sys (system)
Exportit: system32\DRIVERS\exportit.sys (system)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
Iomega Snapshot Volume Filter: system32\DRIVERS\IABFilt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (disabled)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (disabled)
kprof: \??\C:\WINDOWS\system32\kprof (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (disabled)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
SQL Server (SQLEXPRESS): "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (disabled)
SQL Server Active Directory Helper: "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" (disabled)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Visual Studio 2005 Remote Debugger: "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 (disabled)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070320.018\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070320.018\NavEx15.Sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Firewall Monitor Service: "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" (autostart)
Norton Protection Center Service: "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (manual start)
ntldr.sys: \??\C:\ntldr.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Labtec WebCam(PID_0928): system32\DRIVERS\LV561AV.SYS (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
poof: \??\C:\WINDOWS\system32\poof (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Runtime: \??\C:\WINDOWS\System32\drivers\runtime.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)
Symantec AVScan: "C:\Program Files\Norton AntiVirus\SAVScan.exe" (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Service for AC'97 Sample Driver (WDM): system32\drivers\sis7012.sys (manual start)
SIS AGP Bus Filter: System32\DRIVERS\sisagp.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
SiS PCI Fast Ethernet Adapter Driver for NDIS51: system32\DRIVERS\sisnicxp.sys (manual start)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
SQL Server Browser: "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" (disabled)
SQL Server VSS Writer: "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (manual start)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
StreamDispatcher: System32\DRIVERS\strmdisp.sys (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{7FC01569-9162-44E9-B9C2-7874FE7D5F40} (manual start)
Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070308.002\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41,408 bytes
Report generated in 0.340 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#8 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 21 March 2007 - 12:38 AM

I've noticed my posts are getting cut off. I am checking to make sure they fit the maximum post length tho. =/ I'll post all the ones that seem to have an infection here. KASPERSKY ONLINE SCANNER REPORT Wednesday, March 21, 2007 2:19:48 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 21/03/2007 Kaspersky Anti-Virus database records: 283725 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ Scan Statistics Total number of scanned objects 120063 Number of viruses found 13 Number of infected objects 61 / 0 Number of suspicious objects 0 Duration of the scan process 02:13:02 C:\WINDOWS\system32\main.sys Infected: Trojan.Win32.Agent.ady skipped C:\WINDOWS\system32\29234932ld.exe Infected: Trojan-Proxy.Win32.Dlena.bd skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP443\snapshot\MFEX-1.DAT Infected: Trojan-Proxy.Win32.Xorpix.m skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP444\snapshot\MFEX-1.DAT Infected: Trojan-Proxy.Win32.Xorpix.m skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP466\A0047632.dll Infected: Trojan-Proxy.Win32.Dlena.bo skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047964.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047979.dll Infected: Trojan.Win32.Obfuscated.ev skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047980.dll Infected: Trojan.Win32.Obfuscated.ev skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0061023.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0061027.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0062023.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0062028.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062044.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062049.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062069.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062080.dll Infected: Trojan.Win32.Agent.agv skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0063095.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0064090.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0064097.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0065100.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0065109.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0066100.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0066109.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0069100.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0069104.sys Infected: Trojan.Win32.Agent.ady skipped C:\HJT\backups\backup-20070319-135301-427.dll Infected: Trojan.Win32.Agent.agv skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16B903F7.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18625624.dll Infected: Trojan.Win32.Obfuscated.ev skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18E56594.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F866320.dll Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27073722.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31007828.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\391E31CF.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B4D6CD3.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4037116C.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\410A423A.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454403DC.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A232A80.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53241A56.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\567968AC.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61881A80.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\625C7C20.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6322246A.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\640F13B9.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65C67815.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66894943.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68905D07.php Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68A702EE.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BB52272.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BBB766B.mai Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E29789A.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EF15E02 Infected: Trojan.Win32.Agent.agv skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F152BDB.exe Infected: Trojan.Win32.Agent.agv skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F9E0F44.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BA15EA0.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D262E1C.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

Edited by klois, 21 March 2007 - 12:56 AM.


#9 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 21 March 2007 - 12:41 AM

KASPERSKY ONLINE SCANNER REPORT Wednesday, March 21, 2007 2:19:48 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 21/03/2007 Kaspersky Anti-Virus database records: 283725 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ Scan Statistics Total number of scanned objects 120063 Number of viruses found 13 Number of infected objects 61 / 0 Number of suspicious objects 0 Duration of the scan process 02:13:02 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00959a84eda93f211469ea3a6a54b2ae_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00eb2857fb183048dab06f37f9f7c183_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\013f68194eb54bc60db87f9f7c16b87c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\019b932bdfa91528d100151559aef7b8_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\01b711c7cac06a17ef6317f13e23e09c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\01cf5a818375d153c4353e14f478286a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\028e8b5fe79f43fcac7e8c3f52504569_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02eff5e34020a51ca5f9257213311bfa_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\034fbd219f800ddc0be6c0bf36725cc9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0368c8a64c78c88265f77333d6f3b8e4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03b0915b927e55a4c5ce7bd935cc875b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04008cdea0897c78585205cbae48ccb5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04ab456d807de07991f341c1e74c6afc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04b17ab6c3b66de01b9b497cf39d26d0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\052b47188b46dd84feb2d93a69332556_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\065645d76b00b68843a3749179a3c9ef_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0674a0fa23bcaf004cc00f1206529642_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\076e010594a71ee08de9247caf49c87e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\076f93477202b729d06cbb3cf997f6ab_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\077af7cb1e14b3a54f20a60d7ce0666d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0822509f6893b8530942766758b5058a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08919933a593a569b8bd97b4d00c3e42_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08b76520b8baf6f2d8f24891b7cf1ebb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08c6074662420643919cc1f309395d83_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\099dfd5251845e9ca9fc68bec9434203_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09daf140f68270e50717434f005c8078_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a2ce3dd73887d09dbddaf2f4b94bd15_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a3e3c24cf926e4aebdcbae589f37532_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b1af28ac0ff6d2b5b72eafef280014c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b221b23dfd8d88bdbce37b9a534c709_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b25c561da3ec293a31079b1831bb61c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b27805bccd32f97d9e21f0b9738b70c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b2a00e41268faf4521da83cf9688e42_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b7efb5db7e7791e9ba1ac3408012578_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b9b302187e3e57e6ef379978a3eef72_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c54bf5308e7121394b54e2ac2c45738_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c8fba97c006e44eba81a5de2f46bbe7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c9553b3bcd71a89e0ce7542a06d25ff_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0da4a36d22249f4daff6e17fb42357a0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0df8fe7b5d0d34a1ef8b4a70ad7c3a47_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0dfdb1dc6603b0e9819629c92417b515_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f5acb3f1bc41ca930d46d6e327ea6b8_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ffc77ce2f7afff31a8c52a75ff5f3d6_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\102fa57777834513d9940fafea853de5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10456104db4efd62b8771fe8d6e8c269_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\109b1030a1b77827c9b0446a80d69c24_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10cbae421f11208427a021870ec56451_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1151713c182549eedeac533f5f7b04da_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\11e138019b166e62269216ae1c8fd0fb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\127f6bf390efdb4d4bc1dc0b4d919b35_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\128c91801d0a06762942e900908a88af_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13b36e6a6e4f26d8f624b154a5997a6a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1416c6e1f7aafb1d16eaedc7bf10e5ec_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14724aeae39b6e60f6e4bd85c674d0df_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\147354662197e3bf5254b7c9f68bed13_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14da10f236d72f5183534a5de7dfed76_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\158d3d471b4434aaf8184ac7a9bc2262_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15b21acd1800ab1d847a456f42a1290d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15ef4a21a4c184fb05cab8aa2770f2c7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1660427772baf25ef3268cffdcf90e6d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\166ca7bea054b11aaedb5a7ec591c4a2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\167190b97394fdcef858d0dc786f2544_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16e96b029818271caf502dc165c6a595_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16f02d3f4782a786e0435466d6f243ff_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16fef7f390558aa363e8082876b92fe7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1728a8fda2df0bd3c4a179198c85b4cd_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1759a9fee3e2e514bb874e7b88fa1825_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\178b0f75e9d0201d63b7f127813bffe3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17b7d40b912180e334b11068cd39488d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17c716ff664246d2fed58ee362bc0df3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18d649abe7d02ab66ce9a9e94605f98e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\196f0871369ed5691a77a50a3b24e178_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19dea776f5949023697a1a30567f31ed_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19ee381f596295dc54c2eb69dbcdbad3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19f34bbab9bfb5e199e3c4377a6e6878_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ab9e844da75b1b850b0ece30c5c469c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1aca880b032ec41e2177b12151a1c615_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1af2d0a079de96626a9f46175fe924d0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b58903b5a6ce3ba274823cc67b0f8e6_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c372bae23df7993ea28dfa1573fdfed_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c5bc87f6e1dd60920744d777386c662_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d0e39dad1a450fa6e9eb5fb89afebae_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d5539370d7abe61034ad183a86ff7c9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d5f9df689536c26bd2b93bd4c90ad76_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f6aebd5de3c7dd0dd4b0921116a6796_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ff4c8ae4be547ddd76ee06f95035c21_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2083705b437ee9dc4632185493dedd7b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20be2ab812cc3899c61cb085920e0faf_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21df44157b9d552dd8a203069d6768e9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22be1186ae3a76d7b1373f91e4f37380_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23bfc429448db5d2e8f9959e613fda4f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23e7a0ad2360610207ef57a4df377661_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24543e6709a812c8f36ccf16c8e78451_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24d071b3e19f70b2636aae7130363981_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24d95c6f02c51dbdfa4158208bca8a9a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24e65cccc7174e01388ea861f212aaea_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25fbe02368fbc9f6891c318d5137c55c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\267580109404443fd880d7a5cb003176_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\269533823c1ab4203046566de47942a9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26a6f14c7e887fd4d9b4191f53210a7c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26ad5fd27d9330e9db239d25079352d1_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2803491c34f565be7700915beac21942_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28c92383e6d6e32f4420ffb9ec548a37_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28e1bd6e0ab79022d7a842a12f545bc0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\293fdde154bb6ef1d07ed9c3fe43687a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29598399c4cd56da8dbde9e6cfcc0309_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29d9ae1f3f9eea6d31d5ca5400fc2cf2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a515d7cdb217252f021da722f6aad3e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a6c8e039ee026af27b112bdd4d2d23f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ac7074b258662c458ffca07776279b2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b5fe8c440bbcfaa20a702a7d4781b5b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2bc5d257dc5e950acefd3fe2a38a4d2f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d529876178c279c7d3e2ae69c5b7395_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2dfa41772f782cd1ee9c7083b0ba1776_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e2c039c45759b4c6364df7552b4497d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f6926b27cb8c5125411dcc57b3b3ce5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2fa32187b7551cb8f00238231a089fee_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2fac62467594417035bc77e5c404c42a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\304e1d8d05d3edfa73190f876d8d2703_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\309199e747a8a96f2237ba2c09af251d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\309a899a598edd748a09166f81690fed_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\311cb9174959651fb3188d0a533e3603_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3125a67aa25affc9023031f766435f59_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\31684a0865c243f72206c7c31f36a0e9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3285232b161bce45ac8f66d832898dd3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32dcff8c431ff65091d2ec6d615f4d03_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\339941fa205a80814ec16a750e2c49b7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\349712802a93e2d3191b0ad153d4aaa5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34b6dfe132fd693d5216a59eafded78b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35156bffe59847f2418a9a83e7d66393_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35594e1e1f239156ee31f339f94d5f7e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35af6b95960f0fc2524834931a00da5f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35c051f1fb70343f753ae1c11d896210_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3650e5a5e4cab1186f08bb837d3dc2f5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\36881b467eaa34b781d357f71e170f64_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\36dc12d1ef3b4d49e21db3a96be00f0c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37610b66b468a57cf8de154234b80fa3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\381b1d519a750aa68d17b2b5a0347935_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\390c9809f85f4961781eb2160236dcfe_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39344d42aa625a121b13f7cc19f45696_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\394d3768581d60668dccf32fdb56dd5f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\399daa6c558ced638a62798568e9aa8c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39a3694c73124ed7ba2d58a910eca458_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39b4d674ccb8582cb6cba6201808ced5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ab37fdc91c6169cb96df63edda4801a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ac4bbd4289e55c470441069a7871b1a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3acfc52a540366387847c944d9d2bbef_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b141e2e86ebbcb71aecea33896a48c3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b21b1654f12cb86b34ecf37093cc99f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3bee9e15897ba13a55494c3ae2fdfb41_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cb42238961d8b6a0e30e15eecebae93_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cd3140df60e45b6c89ff0230366f170_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cf58029b5174ac4891dfe107d27ca2c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d2f3e787b022cf02e7c6ae33e69522d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d76c10c6544a816f301c15277b1850a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d91089c55ae8c80d831df932f8d2b15_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3dac357d713d0224d42bcbbc9b5a5bbf_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3dbd5222dd6011539bc646460f0641cf_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e50a77a868f6d2153ac8706327e29d7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ebd5b82515bd8ddf0c92554033b01bb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f8b7996155c4e239648243dc0540495_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f9801ba581b30d1526067ca77d17c00_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40763241d43bc3df2a61c603bfe1ae56_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\40f70e4512516e7c4d778648839d2dab_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41a31e7bacc364e6afd82ba29685cc7d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4246715a35464a0e86e87a4c7265830f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4301323ff192052da2a43c26f423a4f1_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\434481216de738f47ccc287fea157c1d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4385c83f3397e19037646b15b9f2e87d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43a96cd9834ce95c925dddbe67eb3ae8_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4421c22bcdfb45115e435fc2732bd3e0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44682d864e3153dc026dce821aa1c8ec_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\449280896f24e0e9b4478b1c46ac3e28_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4527da064bef559a3104c4f42a6a9fad_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\452f04e546f938d2dc540b72b8254e0a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\462553cae1d3caa8db727f8fde9ae42d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\462c694818f09bac7070fdba059432c5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46481c5dd2abf15ad39d27704adfd5ee_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4694270cdd78f91d63f74dce5f8188e3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46c4cee728d0124d8f43146c72771b98_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47a1bb3b437b0925f75d7b825b75fc69_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48352dc03777af8dad08c8d1160adc77_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48e01cdf2400a1931b855cd3e4468054_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\492610de1921e1c8d70eb6273f0008ec_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4994cea30decbac331d91745776ca5ca_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a06e297349cfd3ed89c6bc69a10f5bb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a68ed4218058feefe88aaa7e7fca0bd_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b12c8491b8d569e00e476d47837f48d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b1aafb7d486da531761d20cabbfef82_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b570228aaa44ffe238bf8bdff73a684_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c4e4d874a7719b8b161d684b18ec5d9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c8131a74ea1eb45985ae72d668bc8fc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c8b34cbed277a87ecb4fc15919ec490_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ccf862f2bc640fd8343cb2115591f59_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ee73b587bfa87447ce703e6b8ed9fce_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f3db0385881a113402f0d07d5e9e62d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4fa89af82605a3b67bd843dd9e888a5d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4fa9f945c384460fb2146595d9a5a032_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4fe4cbfea7d778cdacd58ff475b69338_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50349ae4a6e5ad7568bc43295a1e9ec7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\504a9b0ba847c6dc6daa64ba1b3e4228_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\507832c0c5d8c312ff7de28f5755830f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50918d509585bf3f32e89da2b9c88a24_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51432d5cfda95c389e255bec339e898f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5165bbf1c4850147828d2d32e409b7fd_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51796af7fd830e1301feec720bc1074a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51ee706c4d872765bf07727f94f54d72_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52618f470432eb1e8053bdf8c09a83e1_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\529710517813ab12e3dc2394e961d673_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52b521f0c839a6d917188629c2fb614e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\531783d15b87e29f18a33333bf2b6887_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\535e0d98bb0ee731ab972c2e90644550_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5376152befd18eae0b5f1b591b32d5be_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\544f23bc1b3ff6c1b717327041e30ac0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54b8964bb224d6123d44607c4bfd89fd_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\550b0383b8bbfabb2504c05a544b6a23_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55220a9614d571a468492dd7af97468f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55375c8d56bd5b8e73a0bb4bd73ee8ed_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56bc54e5dc193dbdfdb5d50130d25b9e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56c95421288c04e1637aa522ffce0b45_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57a71ecc5b740c548d7025c7ce3efa7c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57f86d3bf75678a195ba96342a86d98d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\581c92053a0c7cde3badefc8b542d4ed_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5821dac57e131ff1b70016f05e2b0c1e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\583e42adeb3485e9c3b16d82e2ff477b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\585070041e32e904de841528b39e0c44_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\589698472c256be4811006ad7d0320d0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58a3caf4e7351b466436bfe1aab886cb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\59661a846e324260f6f11d061879130a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5982996f9b9e8e4e824fbb083c904f7a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a6345edea5f8928847ba29c737d8469_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5abb748d8d35b4c4856f1a5cf151ab63_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b6fb7ab7d44b6fbaeb892b879343277_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b75d877543e3a5176a61c9624afb478_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b878c074259a75f15eed3726ea8a042_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ca81244f5b0616422ae9276b6ea64d5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d0e0636f481bef3935c64b295cf4b57_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5dbbd3b5de1d0bee733df56d49ffd765_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5dc836dee22e2585855c4f680a54143a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5de168da3c1763c4be9c9675160baccb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5de2bcec8e2d5004e475b183cb7242fb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5eccb7220283a01ae9738c6e832e9acf_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f9e866d3c44890c2f59beac5446835e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5fb276474ad5add5b17df489f02b7378_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5fc0a270275c958e798cc054d60e76d3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5fe2b8a3a201df1a717a0f05114574e5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6008b12de489e0e7127125b4907d7e31_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\602ccec6eb614982c2b141d70211be0f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60c6f9ae6acaa9f7a069062b9d492238_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6109ff3ed0b18f1bb85fa261502d1f4c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\610af3f8c1d171ffa3ef857c84eaba6f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\611951a2523c21cc5470fa695b198bbe_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6125bc455368a9f8cd49e2e2082f9a5d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6164ce19f769803a687a48da9e28e7ff_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\619212bf7f18316c2232a74cc596841f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\61caf251dfd57c8dad63203e708d769e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6223c8bf26b6503892472e6acd43a5b8_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6236be9ed2aff56741bd4172640897cf_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6249f01a66910a2aa623637f20087ec5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\631b7b76f12a3ae1c36b154dfc290787_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\633be43260fc9bf779c0562e42d698ac_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\63ab5f8fe056cdb4cdc819195892a3e4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\63b21c44c7ccb417a8d8b64e52f47bf7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\641346aca6da734700db830d72af080e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\64b5c7502ec86122c35f0a86ed333492_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\64e3013dab31f11f88d694e9d37dd9e9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6503e447743096f8edbf29b4d7111695_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6553856fd48f1d4834f0d2fb06592c85_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65cc81324fff6c8d633fb6cf1aae8138_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65e058be4627d7070fcef9bf9e03b0ec_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65f064e4be94402213e3ca751e9c6a00_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\66005d57b70bca6e45436d99a85113a9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\66b5756bae9cc2fa3857565ae53531fc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped

Edited by klois, 21 March 2007 - 12:47 AM.


#10 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 21 March 2007 - 12:42 AM

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b0e14d817a119b1061e757eb928003a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b295c163e5d44cb2fbd50bb645989c6_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b747fd1b03ef6f309974fbf7e8f6d26_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b89ce44ede407226fc982924bbbaf82_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9bfac5b25eddcbb0bca2da7e4723813a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c1ed672f02ac385d1a30d90408b8a34_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c8467e33301a3a2d30a0180aba84d14_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c8744b13a89da4ed6b481a845aff992_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c8ad335b8f9e4dbe89c3602a69ef09d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9cfacf3c81e51c7a37dabe15e0b1e109_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d904b745cf57a2a01becde8f27c66b5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9db09878939529425ed818e247cfa43b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f4ce8ca1e64e9503b1d3cc535b2f095_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9fd034c23a703aeb42fc05966baa47f1_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a01bcb52d39f2a8d08a5788175376f6c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a12124c04196cde5652e9351174d6a66_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a12503b0cf6c9ca484eabd8f183eaea7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1ebaf904cb6be890db5aa34ef16b9ff_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a208e8b54517128466d21d688b548496_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a26be80c864f316712ae5ce5c6c8dd87_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a27e83c3a7279439bf9bc66bbfc5c4c6_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2aedc48838c45ea4fdd7efd39e50b45_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2d405e2988754e005dac36bb7b9f5f2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2dd46dd909a795d444a04cb37329602_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a50cbb3895b46c338ca35fa61ae024d7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a52ee15d97b058e79a9cb1990aa1f4c0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5a419a988b6c650869e058c69d88205_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5b46361c788415169db7204b59bc5fe_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5f0dc73bdc40c1a1adf2ad0273f358c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6019f6352d9efe8afde7573c8fdc026_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6b984990acedb323a1b9abea5a24e5d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6f7f2a264d09d52449db2ebff7a0767_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6fb3feba5ed62c94c1120373eeaffd4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a77e4c17061cca789189105d3a8270db_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a82714ffa666f21e108dc13a0ab68306_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a82e7fd93a98fc2ccfa3b203ce2dee64_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a840e5a9b67dfeaa9a0d6d24445a6fc7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a87d9d7bc3958157375a9f4958707a02_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a929128b936bf5a946d18e49fec3640d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa1469d63120d3e7610f73a22a6558b9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aaff27969df2fe04d39f6fbb78dd79de_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab052e7a578e390eeaf95568bd596835_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab13cde3f4b10b84cd7d9ab14ca6398c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab97e2e239db0cff99b1888c43b22c78_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abbc563bdc5362ab39378a103beae90e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abe1e3c9bea0f80a158443265e5aa921_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac853595f66c5bdffb723e98da9f389a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acb8ef3f6bc8c9bea78f94df52cecc9e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acf60d43c7b0a33d725838d9df1ee868_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad52c9a485fc60585463763dedf0ea0d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\addf60db30c4027ad741c04fa2f4656a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\adf7a23289ac1abfefb73dc9ece1932d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae1876d5e2ac3db801eaf84be74479f7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aec438ec493dfd9815da116a20d6f8f3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af549cd419f6230a3738f19961d50fdb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0117eda62df0b7503d5f44bdd2b22d8_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b09c72573247df061592b0c236adff0a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b09f2ed6ac66b741f0055ab6be9920cb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b09f7a9fd2e54dfd2b0457cb336e54b2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1d744b783c07a2a857c9677c2fd637b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b27c6150488bdf29ef40c25bb3799731_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2d263a2b0bbc9b9387e8ce824eab519_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2ff747043a625f06d6a5394c97c8d79_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b30c93215bb6a3da87b319005351526a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b36a9b100c191ece0f467a5f94b62c67_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3817966dca13a9176954a9dddc888e0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3840c40bfdfd80db2fc83f605d1361a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3f484d0c8206976629ab1ef9235f018_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b43dc097f554da9c09adb7ffefbeef7d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b46438fabe3c0a15913276a5a9ef20bb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b482a27751b7f8c1e56d500e4eae58c5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b48f39a7af07b5b64ab615d61179e973_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b51531e915bc3cc52b1b6eed3b1d2343_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b72514a37bc702b8468e15d168f2f276_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b752cb9edf2aef087743886b8d978929_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7d2de83bff1729197bfa84bb4a45d8c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b808c8c25aacb2f19e9e7f23e0c59fa4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b810df2ca5e7f3d79df4bcb69f9293e7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9a3c8c7da57ce7d3e2d04bd271c50ee_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb3f34822b3542c416c6e037cbf63b3b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb71db17d13dcd411211d20dcbbfb788_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb945f772a5e380e3b38a58e67ff0231_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbbb092651ca6947a9fce04da353cb82_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc1c19b7e71c8439b12550110b8884d4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc39b69306b5dce51d7210987f0e4479_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc4af95561332e63e41c721d8a91a399_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc60e0758b9392c1f95f3447dc25edda_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bccd7b344c5299f820aa3a734649d566_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcf7a610256bbf334b90ae6786bdfde5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd72840d89c8289f51605e0bbc9362f4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be557db8235d1af105e0e66bb144c598_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be78c5028af7301040bdf0f9020d5ad3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be8f2260e264fa09298927162aa89f8a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\beab3ff255a231152b8476c175d5679c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bed163122320e37704c87a73e15dbfda_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf22ca03f826d2b58c06dc3b3769b406_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c22fa2a1c3b1649629871a2f7e8a71aa_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2db172231e12bee3336a9bdb642ea2a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2ea995129094bb71428048c79242d01_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2eb9841ea557c9c0681852ec9ef03b4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c322245df7aa2e2f8dd52707ef7401fc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c37ca5b2a2e2ffd1999c0842c341a59b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3c5b957d129d5fff4b64614d6a8ba91_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3fa447d7c059dbcc17e2587a0d40013_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4912c8a410016bc7946d317c2116869_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4aed15ba0a47e31253b705cc51cca19_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4e0124a7d669d9faef84e19779942f9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c50ed43e12209029a53bddb08cabbfff_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c550bf937c1a3d75a9901b438001f774_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5e669143139e5e8b23e316a4d897eed_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5ff279361c0e8a8dbf6e56258d6090b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c72e1bba0ea44ba09b7d72ea1be3d058_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c768328e61252d81b9d02c2397bdfb10_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c858a4f0a81694b5e024537d1de83690_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c89fcba5596f56e6851349c2b29ff249_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8a7cc34625efc031a10956e8ae32862_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8d54a6167f93e9471178d62bc5a483b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c910822477de01a830882b974feaf334_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c921798fb1f884ac3515b34d66d52d22_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c964eee7c28582bf327dda92dba3c449_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c96c2fd5d7b3608d43a655743e90b122_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9d70c9a8fa55bc5c0e9be43515dcdee_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cab9770c4002464520720da839dd4673_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cac4475f74b62de1de8be2e6930d044c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb29f7261d73edf87dc4b6f6e363a756_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb58ec5edfb0206fc0b9e71905d12d27_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc5b3bae6d43668212bf059542aeb5e2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ccfad3c38826906735b26c7ba55d9519_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd625dfe53de331bb7f7d166c16326c2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cdf3727f9489d7ef8c3ba65e257baf0c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce4da4db808c7b6ef2ab7bf928eab772_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce588841aeacd67f235263da472f7990_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cedd5a601b27d07378d5cc0a2bb0309c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf337548d021245b6f5dde2388929178_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0631e2b1f7369a6ac5140097fdef860_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0cf7e1ca332a9f5916299077d246dc8_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d13b7aaa8148e274f9b8cf9c1886a2ce_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d19e8633288ede5812c0084e2c9cbd19_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1a58fc4c578f6d98c960455358de84b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1e9aaa805d77c622a183e782f4c9fca_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1f7b6e0f6f84e1ae3ebbafc9f17d0be_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2b1abb905eafd180707c06a033bfabf_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3730e49ef680ccba2b8662730add551_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d402fed56ab3e90c7963d46d2a3104e6_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d44b4d61e799c374ab226211668bebcc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4905aeb80db47d3c083ea0a00020bda_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d49c904c6b2a33345623592de0d0d303_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4a4bcfa27550b1d6230604921139bb9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4e427c25fd0919374609d86e6cf81c7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d555a4066b8af11451bb11b3698284c0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d58892785ef31721ff4a8355e9d9326b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d58aab629b14691ef13c5df8c3ee5a66_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d67232c0857f3f1cb82abb809f1d2bb0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7030e8f1f5e3d9ee621986a4c316f19_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d794426fdcd4580aabe5c066c3f23f2d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d835a2ad1f3ecbd9e5f8d78593c41e27_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8cf32b493fc60c2e8a4568cf372f3c0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d946e9ab9d037fc01f05874c1fa1320b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da2ae76e69c38fbb17a5734b06cd4079_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dab2cfd0de40750b127ae60e78c9d940_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db9a63dee346aed371d9c901729e84d9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbc081264c66a3364dc2c985e10a4cd4_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dce5c199306162e9af90455ce1ae6731_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dced9fe900c59a5cb9922e5b7ff3d7f1_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd5890d09d34c28fbbe0a012e875b617_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddc990c77eee53ca0b5d5ce27312829c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\de1b3edf971552287ef197952f3ccb8c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df14825a2e0d917fcf4bf7b2816b93bc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e03e67ca49fa862302152413a96b77ae_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0726fe625fa9ce9ecef9cb8b3aee21c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0c17370db7b62cbe7faa63bb4fea83a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1aa2d11d5246ffc5fa0ac3c9d465334_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1c78e284d9c17b42bd90defdbee7a39_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2998725db20df2e48e8af2ecbb808f9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2b106d4ca905ad15f8b73510e49d732_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2c439cbce1ba6329e43c21876d3b613_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e31f3ac4eecca4f1dd286bb04ec1313d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e330aa95e87885debceffc693a58a07e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e338da1957ad0e3b363d59f25628e28d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3d4897433b2dc5eb4cbfbdea3343b5e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4dc6bc34a5f39dbc3019d97709e07bd_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e503919311a1edb43d4438fdbe26b586_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e560b4def00e4ce97a102dee037045d2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5bb553645cee725a71213a1758235a2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5fba929fae90cd8fdf515105fcece6f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6275e708550d6ad154ab3a13436080e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e633bad93145661fad4638c5088b14b9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6ae6760e480621dcc29a053378d0cde_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6d429e78d1782f9a1b344d8409602f9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e72e562ae4fc73dc24216aad3d13f128_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e8eafa259957827dc3974ae4bfdec156_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e900d011efabce96c10753a34c10c27d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9b6bdb0daef1f3a693c34e96174881f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9ca46440f3f486642ccfa0392e323fd_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eace9e8c7efb5a8a4890ab6c34d5d619_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb6b0c64b08bc7b4aea711aa514482ab_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb9258cc0672cfbd3dc845cbe7873bbc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eba303936e26473966464e21b4312a03_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec01d6d04e337a857914cfa081ef0901_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ecc174abebc091e744afba1bccbe26f0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed0ff77c873817028cbffdee4a85fa75_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee18221657c2eb4a2557ba76106b6038_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee4195960bda71d8aac714787a60606a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eec22d19514ca2d0a85a93c07754ce1e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eed1c52cd806f2967fe7fa404d67bdd5_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eedeaa74b0f691edf014b2bc007e8321_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eef763337d3dfee1bc2343a3968bf2f8_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef1c525b0a6ee2399e72c339104867b7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef9561a4e94c94efbd9b8539b556fb7a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\efab7c946cb11f7b58bfc6b4eb19ad3b_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\efb8e965c38002ad6ba929cdb6703527_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f049e094f22d14123c571481291a0d58_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0b701c4a43fba085d27c15c4471a038_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0e7780bbb1b1f9d89a8126882f39081_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0fa05827e351f6b0afb937717273ae3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f122dbaaa4bdc22ba53821d0ec601b38_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2206a503117deefcca0714d758c124a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f23be448ca96926015c0266915bda7eb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2519169815cc321268dd4d4a3c4eb70_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2a0ea1417f59e891fcabe8fd775711c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f36e0752e46d316514c03f776942dd8a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3712c12947d78998682ededcbd000a2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3c813d80952b67e15ae4e9152710e01_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3f74e9bee9ab7d7ce6b91423949e7ac_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f40a9d8b52922bed99396c83dfb77348_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7041cb0ce6dde7e37fbdb6491f3c79f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f70b75ee0ece2d78ff6ac539dcfed360_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7556276040ad1663489939b6088d58e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8c7b649dc48e35a8167bc384177bf4d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8d0e01d28df7765d4ed1e83870287f3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8e0f04ee8771eac6d1d916eba0fcecc_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f90d8a798e411ae71912cc3486ed8aa2_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f971d3dec5db77b614e5a9d6eeb104e3_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f97f0c47471884b4eb8fd814b0762923_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa0322a3dbb69c509becaaebf10d70c9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa6ec8911c240edae6899fffba7648f7_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa7458adc8189aa0659ff01903e37d45_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb1018115b45ce918d40c7bfeba5b604_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb2c5fe466464b28b7539dba2d15ad2c_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb96d5d598fadb444f03cb491680a881_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc5f2a6a426e7469ae06fa54cd1f0eeb_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fce30a428a8b950d939d79f28e7027b6_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd8f9c21c258410912c38d44b47c204f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd92fc053cc43f67f6592fecc32b4a3a_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe0b5b36b414d8a0a11e1b1f2b80b6e0_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe15bdcefb6cb50c5516b2b358392a3e_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe3ec1f28b70acf6e60679d3e0516e55_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fec67cb4572c550b7434b98d6b34f76f_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff57f5bf641d74cf3dec4c365f44a7de_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff8ea2815f6991e7d6acc525bc8374d9_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ffe8df7ca14761813bd2119c6704261d_e6a40f73-d165-4cf1-b314-1387d622f1ac Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-03-20_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16B903F7.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18625624.dll Infected: Trojan.Win32.Obfuscated.ev skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18E56594.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F866320.dll Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27073722.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31007828.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\391E31CF.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B4D6CD3.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4037116C.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\410A423A.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454403DC.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A232A80.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53241A56.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\567968AC.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61881A80.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\625C7C20.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6322246A.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\640F13B9.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65C67815.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66894943.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symant

Edited by klois, 21 March 2007 - 12:49 AM.

    Advertisements

Register to Remove


#11 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 21 March 2007 - 12:53 AM

I've noticed my posts are getting cut off. I am checking to make sure they fit the maximum post length tho. =/ I'll post all the ones that seem to have an infection here. KASPERSKY ONLINE SCANNER REPORT Wednesday, March 21, 2007 2:19:48 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 21/03/2007 Kaspersky Anti-Virus database records: 283725 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ Scan Statistics Total number of scanned objects 120063 Number of viruses found 13 Number of infected objects 61 / 0 Number of suspicious objects 0 Duration of the scan process 02:13:02 C:\WINDOWS\system32\main.sys Infected: Trojan.Win32.Agent.ady skipped C:\WINDOWS\system32\29234932ld.exe Infected: Trojan-Proxy.Win32.Dlena.bd skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP443\snapshot\MFEX-1.DAT Infected: Trojan-Proxy.Win32.Xorpix.m skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP444\snapshot\MFEX-1.DAT Infected: Trojan-Proxy.Win32.Xorpix.m skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP466\A0047632.dll Infected: Trojan-Proxy.Win32.Dlena.bo skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047964.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047979.dll Infected: Trojan.Win32.Obfuscated.ev skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047980.dll Infected: Trojan.Win32.Obfuscated.ev skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0061023.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0061027.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0062023.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0062028.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062044.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062049.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062069.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062080.dll Infected: Trojan.Win32.Agent.agv skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0063095.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0064090.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0064097.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0065100.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0065109.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0066100.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0066109.sys Infected: Trojan.Win32.Agent.ady skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0069100.exe Infected: Trojan.Win32.Patched.g skipped C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0069104.sys Infected: Trojan.Win32.Agent.ady skipped C:\HJT\backups\backup-20070319-135301-427.dll Infected: Trojan.Win32.Agent.agv skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16B903F7.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18625624.dll Infected: Trojan.Win32.Obfuscated.ev skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18E56594.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F866320.dll Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27073722.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31007828.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\391E31CF.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B4D6CD3.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4037116C.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\410A423A.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454403DC.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A232A80.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53241A56.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\567968AC.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A2F2296.zip CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61881A80.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\625C7C20.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6322246A.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\640F13B9.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65C67815.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66894943.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68905D07.php Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68A702EE.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BB52272.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BBB766B.mai Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E29789A.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EF15E02 Infected: Trojan.Win32.Agent.agv skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F152BDB.exe Infected: Trojan.Win32.Agent.agv skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F9E0F44.exe Infected: Trojan.Win32.Agent.afg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BA15EA0.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D262E1C.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

#12 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 21 March 2007 - 02:04 AM

Hi Klois,

I see you have been using CleanUp! on your computer. This is not a programme we'd recommend, as it can be "too thorough" and remove things that would be better not being removed, damaging your computer. My own computer was damaged so badly by using this programme that I had to re-format and re-install my OS. If you have used it in an attempt to clean your infected computer, it may well be responsible for some of the system instability you now have.

Please Uninstall it using Control Panel > Add/Remove Programs.

Also Uninstall the following programs.

Kazaa Media Desktop 2.1.1
Outerinfo
Viewpoint Media Player


And any other programs you don't recognise and didn't install yourself (if you're not sure ask don't uninstall them).

Download and run OiUninstaller.exe

Tutorial for the uninstaller if needed

Delete the contents of the following folder (do not delete the folder).

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

Download Pocket Killbox and install it to your Desktop. Do not run it yet.
  • First copy the filepaths in the box below to your clipboard, by highlighting them and pressing Ctrl+C.

C:\WINDOWS\system32\main.sys
C:\WINDOWS\system32\29234932ld.exe

  • Open Killbox and check a mark in the "RadioBox" which says Delete On Reboot
  • Click File > Paste from Clipboard.
  • Click All Files button.
  • Click on the Red button with a Cross, and answer Yes when prompted to Backup and Delete the pasted files.
  • Answer Yes when prompted to Reboot now.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, download and run missingfilesetup.exe. Then try Killbox again.
  • Click Start > Run and type cleanmgr then click OK.
  • This will bring up the Disk Cleanup window.
  • Check the following entries.
    • Temporary Internet Files.
    • Recycle Bin.
    • Temporary Files.
  • Click OK.
  • When a prompt pops up click Yes.
Download AVG Anti-Rootkit Beta
  • Follow the install directions.
  • Once AVG Anti-Rootkit Beta is installed it will put an icon on your Desktop.
  • Double click it to launch the programme.
  • Click the Search for Rootkits button and allow the scan to complete.
  • If anything is found click the Save results to file button, and save the file to a location where you can find it.
  • DO NOT click the Remove selected items button until I've seen the log. This is a Beta version tool, and may find legit items.
Now run another Kaspersky scan please and post the log back here, along with the AVG Anti-Rootkit log and a new HJT log.
Gary R

Posted Image

#13 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 21 March 2007 - 11:58 PM

I'm posting this to give you an update on my progress, but to tell you I'm not completely finished yet. I couldn't delete Kazaa Media Desktop 2.2.1. Everything else has been done except for a Kaspersky Scan. I feel like it has been acting a little odd. I left it on for a few hours and it didn't move. I tried a second time, and after 4 hours, it wasn't realy moving past the teens. I feel like my screensaver can't come on or it shuts the scan down, so I am going to do the scan and get back to you tomorrow, if not earlier. Thanks for your help, Gary. I really appreciate it. However, I've been thinking, partially due to your comment about Cleanup! and because I feel like this computer has some things wrong with it (one thing I know is the Microsoft Firewall doesn't seem to work, and I feel like a lot of my problems have stemmed from that.) I've been looking around online for information about it, and it seems fairly straight-forward. I've never done it tho, however, I know a few people who have. One being my brother. And I can easily backup my files and I have a Microsoft XP cd. However, there is a problem that I can't quite get over. I can't find the cd's I got from the manufacturer to reinstall my drivers. And I've heard that installing the drivers is probably the hardest part. I'm not sure if this will be much of a problem or not. I was wondering if I were to do that without the cd's, if you thought it was a good idea. Also, what do you think would be a good anti virus program to use, if I were to do this. Oh, and I know this isn't the place to really talk about reformatting a computer, and if I decide to reformat, I'll obviously stop posting here.

Edited by klois, 21 March 2007 - 11:59 PM.


#14 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 22 March 2007 - 02:37 AM

Re-formatting can often be the quickest way to get a badly infected computer running again, and will certainly get rid of all infection, however I realise it is a hard decision to make.

If you choose to re-format, instructions for doing so can be found HERE (courtesy of wng_z3r0).

As you don't have all the drivers on CD, probably best to download them first and burn them to a CDR (there are links for some of the more popular drivers in wng_z3r0's tutorial).

The topic of AVs is quite a complex one, and is determined by your needs. If you're looking for a Free program then AVG and Anti-Vir produce good products. If you want to pay for one, then personally I like Nod32 and Kaspersky, both are light on system resources and have good scanners with some of the most regularly updated definitions.

Edited by Gary R, 22 March 2007 - 02:43 AM.

Gary R

Posted Image

#15 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 22 March 2007 - 11:39 AM

Here are the things that came up once I did the Kaspersky scan. If you want the whole scan, I will post it. Also, here is the HJT scan. And thanks for the advice. =)


C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A9D56AD.exe Infected: Trojan.Win32.Agent.afg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37745356.exe Infected: Trojan.Win32.Agent.afg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E0A124D.exe Infected: Trojan.Win32.Agent.afg skipped

C:\Documents and Settings\Jeremy Keipper\Desktop\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped

C:\Documents and Settings\Jeremy Keipper\Desktop\OiUninstaller.exe NSIS: infected - 1 skipped

C:\HJT\backups\backup-20070319-135301-427.dll Infected: Trojan.Win32.Agent.agv skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP443\snapshot\MFEX-1.DAT Infected: Trojan-Proxy.Win32.Xorpix.m skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP444\snapshot\MFEX-1.DAT Infected: Trojan-Proxy.Win32.Xorpix.m skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP466\A0047632.dll Infected: Trojan-Proxy.Win32.Dlena.bo skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047964.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047979.dll Infected: Trojan.Win32.Obfuscated.ev skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP467\A0047980.dll Infected: Trojan.Win32.Obfuscated.ev skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0061023.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0061027.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0062023.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP469\A0062028.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062044.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062049.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062069.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0062080.dll Infected: Trojan.Win32.Agent.agv skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0063095.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0064090.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP470\A0064097.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0065100.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0065109.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0066100.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0066109.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0069100.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP471\A0069104.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071129.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071136.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071181.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071182.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071183.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071184.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071185.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071186.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071187.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071188.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071189.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071190.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071191.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071192.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071193.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071194.exe Infected: Trojan.Win32.Agent.agv skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071195.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071196.exe Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071197.dll Infected: Trojan.Win32.Agent.afg skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071198.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071199.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071200.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071201.dll Infected: Trojan.Win32.Obfuscated.ev skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071202.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071204.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071205.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071206.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071207.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071208.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071210.dll Infected: not-a-virus:AdWare.Win32.Suggestor.f skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071213.exe Infected: Trojan.Win32.Patched.g skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071214.sys Infected: Trojan.Win32.Agent.ady skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071215.exe Infected: Trojan-Proxy.Win32.Dlena.bd skipped

C:\System Volume Information\_restore{E218C18C-C065-4AF6-827D-E8070CA783D2}\RP472\A0071227.sys Infected: Trojan.Win32.Agent.ady skipped

Logfile of HijackThis v1.99.1
Scan saved at 1:33:00 PM, on 3/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users