VundoFix deleted DLLs



#1
Hasitha
I recently received WinAntiVirus popups. I heard that they stemmed from WinFixer, which stems from Vundo (or something of that sort). I ran VundoFix, and it fixed some files, which appear to be DLLs. One of them was ikrfind.dll. When I rebooted, a popup popped up under the title "RUNDLL" and told me that it could not find ikrfind.dll. I was worried, but I clicked OK, and used my computer with popup-free ease. When I tried to shut down my computer, it would stay at the blue screen with the Windows logo and "Windows is shutting down..." for ages. I eventually manually shut down my computer.

Considering that this happened immediately after running VundoFix, I think that it has deleted something important. These are the files that VundoFix fixed.

C:\WINDOWS\system32\ikrfind.dll
C:\WINDOWS\system32\jswiytb.dll
C:\WINDOWS\system32\ksrpmje.dll
C:\WINDOWS\system32\ovrxesi.dll
C:\WINDOWS\system32\tussrpq.dll
C:\WINDOWS\system32\jriifpej.exe
C:\WINDOWS\system32\sstqn.dll

Are any of these crucial Windows DLLs?

My computer is clean of viruses and spyware. I am running the following anti-virus programs:

Kerio Personal Firewall
AVG Anti-Spyware Free
AVG Anti-Virus Free
Windows Defender
Spybot S&D 1.4
Ad-aware SE Personal

Please help me if you can. I can't shut off my computer without having it freeze up! :whistling:

P.S. If you need a HJT log, just ask; I thought it wouldn't really be necessary for this, but it might.


#2
loophole
Hi :whistling:

Go ahead and post the hijack log and let's have a look.

#3
Hasitha
Logfile of HijackThis v1.99.1
Scan saved at 3:55:20 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 1.5\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06D9A6F2-C568-4DB8-8497-C31736ADE34D} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vkcivpkf.dll
O2 - BHO: (no name) - {38C31494-46A7-AC4B-492F-09A3556F4D45} - C:\WINDOWS\system32\jswiytb.dll (file missing)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /T
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ikrfind.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ikrfind.dll,buptmcd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150472615437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150475456812
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A6DA9D-44CF-4B95-B088-E4CE58221EF5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winayt32 - winayt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe




Thanks for the quick replies. For the meantime, I've been putting my computer into standby at night.

#4
loophole
Hi :whistling:

Everything Vundo fix deleted was fine.

Let's do this:

Please run a scan with HijackThis and check the following lines for removal:

O2 - BHO: (no name) - {06D9A6F2-C568-4DB8-8497-C31736ADE34D} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vkcivpkf.dll
O2 - BHO: (no name) - {38C31494-46A7-AC4B-492F-09A3556F4D45} - C:\WINDOWS\system32\jswiytb.dll (file missing)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O20 - Winlogon Notify: winayt32 - winayt32.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply with a new Hijack log.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Edited by loophole, 20 October 2006 - 03:55 AM.


#5
Hasitha
Hasitha_2 - 06-10-20 16:41:18.85 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox 2.0"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{4C2E34FB-0707-1033-1202-051201200001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-20 to 2006-10-20 ))))))))))))))))))))))))))))))))))


2006-10-19 20:05 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-10-17 13:33 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:01 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-14 22:35 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-10-14 22:35 126,976 --a------ C:\WINDOWS\War3Unin.exe
2006-10-07 22:29 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-07 22:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-20 16:41 -------- d-------- C:\Program Files\Common Files
2006-10-20 16:40 -------- d-------- C:\Program Files\Mozilla Firefox 2.0
2006-10-20 16:40 -------- d-------- C:\Program Files\HijackThis
2006-10-20 16:37 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-10-20 07:26 -------- d-------- C:\Program Files\Mozilla Firefox 1.5
2006-10-20 07:21 -------- d-------- C:\Program Files\Internet Explorer
2006-10-18 19:05 -------- d-------- C:\Documents and Settings\Hasitha_2\Application Data\Ahead
2006-10-18 17:01 -------- d-------- C:\Program Files\Warcraft III
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-16 21:08 -------- d-------- C:\Program Files\Apple Software Update
2006-10-12 23:03 -------- d-------- C:\Program Files\eMule
2006-10-12 22:43 -------- d-------- C:\Program Files\Sunbelt Software
2006-10-08 20:57 -------- d-------- C:\Program Files\New Folder
2006-10-08 11:41 -------- d-------- C:\Program Files\3dsMax
2006-10-07 22:40 -------- d-------- C:\Program Files\Windows Defender
2006-10-07 22:28 -------- d-------- C:\Documents and Settings\Hasitha_2\Application Data\Sun
2006-10-07 22:03 -------- d-------- C:\Program Files\Grisoft
2006-10-07 21:29 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 21:29 -------- d-------- C:\Documents and Settings\Hasitha_2\Application Data\Lavasoft
2006-10-06 16:11 -------- d-------- C:\Program Files\Java
2006-10-06 16:10 -------- d-------- C:\Program Files\Common Files\Java
2006-10-01 20:23 -------- d-------- C:\Program Files\Beneton Software
2006-09-28 16:43 -------- d-------- C:\Documents and Settings\Hasitha_2\Application Data\LimeWire
2006-09-27 22:05 -------- d-------- C:\Program Files\Smart GIF Creator
2006-09-27 16:22 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-26 16:46 -------- d-------- C:\Program Files\Active GIF Creator 2.23
2006-09-24 12:54 -------- d-------- C:\Program Files\Mozilla Sunbird
2006-09-22 21:50 -------- d---s---- C:\Documents and Settings\Hasitha_2\Application Data\Microsoft
2006-09-17 13:47 -------- d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2006-09-17 13:41 -------- d-------- C:\Program Files\DFX
2006-09-17 13:41 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-14 20:53 -------- d-------- C:\Program Files\iTunes
2006-09-14 20:44 -------- d-------- C:\Program Files\iPod
2006-09-14 20:43 -------- d-------- C:\Program Files\QuickTime
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 16:46 -------- d-------- C:\Program Files\activePDF
2006-09-10 11:51 -------- d-------- C:\Documents and Settings\Hasitha_2\Application Data\CyberLink
2006-09-10 11:48 -------- d-------- C:\Program Files\PCFriendly
2006-09-10 11:48 -------- d-------- C:\Program Files\InterActual
2006-09-10 00:49 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-07 18:15 -------- d-------- C:\Program Files\Microsoft Office
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-03 23:32 -------- d-------- C:\Program Files\Microsoft Games
2006-09-03 11:27 -------- d-------- C:\Program Files\Torque
2006-09-02 15:36 -------- d-------- C:\Program Files\XviD
2006-08-31 17:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-31 11:46 176235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 19:42 -------- d-------- C:\Documents and Settings\Hasitha_2\Application Data\Mozilla
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-01 15:02 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2006-07-31 11:19 315392 --a------ C:\WINDOWS\alcupd.exe
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 18:40 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RivaTuner"="\"C:\\Program Files\\RivaTuner v2.0 RC 16\\RivaTuner.exe\" /T"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ikrfind.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ikrfind.dll,buptmcd"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BootSkin"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ovrxesi.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ovrxesi"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ovrxesi.dll,pfgayj"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003
"SCardSvr"=dword:00000003
"RSVP"=dword:00000003
"Netlogon"=dword:00000003
"MSDTC"=dword:00000003
"mnmsrvc"=dword:00000003
"WZCSVC"=dword:00000002
"UPS"=dword:00000003
"RemoteRegistry"=dword:00000002
"RDSessMgr"=dword:00000003
"ERSvc"=dword:00000002
"SENS"=dword:00000002
"TermService"=dword:00000003
"LmHosts"=dword:00000002
"xmlprov"=dword:00000003
"CiSvc"=dword:00000003

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winayt32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-10-20 16:43:20.15
C:\ComboFix.txt ... 06-10-20 16:43








Logfile of HijackThis v1.99.1
Scan saved at 4:45:36 PM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 2.0\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /T
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ikrfind.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ikrfind.dll,buptmcd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150472615437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150475456812
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A6DA9D-44CF-4B95-B088-E4CE58221EF5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winayt32 - winayt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe




Thanks for all the help :whistling:

#6
loophole
Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

Please run a scan with HijackThis and check the following lines for removal:

O4 - HKLM\..\Run: [ikrfind.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ikrfind.dll,buptmcd
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: winayt32 - winayt32.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.


Reboot

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0
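The O4 line flagged above is the source of the RUNDLL popup described in the thread: the Run value still launches rundll32.exe against a DLL that VundoFix had already deleted. The following is an added example, not part of any post and not HijackThis's own code. It parses O4 Run and O20 Winlogon Notify lines and flags entries whose target is on a list of removed files or is marked "(file missing)". The function and class names are hypothetical; the sample lines and the file list are copied from this thread.

```python
"""Triage HijackThis autorun lines against files a cleanup tool deleted."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Files VundoFix reported fixing, as listed in the first post of the thread.
REMOVED = [
    r"C:\WINDOWS\system32\ikrfind.dll",
    r"C:\WINDOWS\system32\jswiytb.dll",
    r"C:\WINDOWS\system32\ksrpmje.dll",
    r"C:\WINDOWS\system32\ovrxesi.dll",
    r"C:\WINDOWS\system32\tussrpq.dll",
    r"C:\WINDOWS\system32\jriifpej.exe",
    r"C:\WINDOWS\system32\sstqn.dll",
]

# HijackThis lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ikrfind.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ikrfind.dll,buptmcd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: winayt32 - winayt32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O20 = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$")
# rundll32 command line: rundll32.exe <dll>,<exported function>
RUNDLL = re.compile(
    r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?,(\S+)', re.I)
# Quoted program path, or an unquoted path ending in an executable extension.
PROGRAM = re.compile(
    r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|pif|scr))(?=\s|$)', re.I)


@dataclass
class Finding:
    section: str                 # HijackThis section, e.g. "O4"
    name: str                    # registry value or notify key name
    target: str                  # file the entry actually loads
    entry_point: Optional[str]   # exported function, for rundll32 entries
    reason: str


def autorun_target(cmd: str) -> Tuple[str, Optional[str]]:
    """Return (file that gets loaded, rundll32 entry point or None)."""
    m = RUNDLL.match(cmd)
    if m:
        # The interesting file is the DLL argument, not rundll32.exe itself.
        return m.group(1).strip(), m.group(2)
    m = PROGRAM.match(cmd)
    if m:
        return (m.group(1) or m.group(2)), None
    return cmd.strip(), None


def triage(log_text: str, removed: List[str]) -> List[Finding]:
    """Flag autorun entries left pointing at deleted or missing files."""
    gone_paths = {p.lower() for p in removed}
    gone_names = {ntpath.basename(p).lower() for p in removed}

    def deleted(target: str) -> bool:
        t = target.lower()  # Windows paths are case-insensitive
        # A bare file name (no directory) can only be compared by name.
        return t in gone_paths or (ntpath.dirname(t) == "" and t in gone_names)

    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            target, entry = autorun_target(m.group(4))
            if deleted(target):
                findings.append(Finding("O4", m.group(3), target, entry,
                                        "target deleted by cleanup tool"))
            continue
        m = O20.match(line)
        if m:
            name, path, missing = m.groups()
            if missing or deleted(path):
                reason = ("file missing" if missing
                          else "target deleted by cleanup tool")
                findings.append(Finding("O20", name, path, None, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, REMOVED):
        print(f"{f.section} [{f.name}] -> {f.target}: {f.reason}")
```
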

#7
Hasitha

    New Member

  • Topic Starter
  • Member
  • 7 posts
All right. There was a bit of trouble. HijackThis went smoothly, and the files were deleted without problems. I couldn't reboot normally, as the screen got stuck at "Windows is shutting down...", so I had to hit the reset button. Panda ActiveScan froze up on the file "C:\WINDOWS\_default.pif" and stayed like that for 11 hours (I had to leave, so I left my computer running the scan). Panda ActiveScan did find 6 errors before it froze up. I guess I'll try again tomorrow.

Here's the new HijackThis log anyways...

Logfile of HijackThis v1.99.1
Scan saved at 12:29:37 AM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox 2.0\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /T
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150472615437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150475456812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A6DA9D-44CF-4B95-B088-E4CE58221EF5}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe

Edited by Hasitha, 21 October 2006 - 11:32 PM.

  • 0

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Ok, Panda can be funny sometimes. Try the below scan.

Please do an online scan with Kaspersky WebScanner. If you have any quarantined items in your antivirus, please delete those archives before the scan.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a new HijackThis log.

  • 0

#9
Hasitha

    New Member

  • Topic Starter
  • Member
  • 7 posts
This is probably important.
AVG Anti-Virus's Resident Shield found the following viruses while Kaspersky was running:

In order of:
Virus name
Path
Date of Detection
Filename
File size

"Trojan horse Generic2.ETW"
"C:\System Volume Information\_restore{BD5F5A2E-7091-40AE-A800-57B2BEECA40C}\RP251\A0038217.dll"
"10/22/2006 1:23:59 PM"
"A0038217.dll"
"96 KB"

"Trojan horse Lop.AG"
"C:\System Volume Information\_restore{BD5F5A2E-7091-40AE-A800-57B2BEECA40C}\RP241\A0034145.dll"
"10/22/2006 1:23:29 PM"
"A0034145.dll"
"668 KB"

"Trojan horse Generic2.EMD"
"C:\System Volume Information\_restore{BD5F5A2E-7091-40AE-A800-57B2BEECA40C}\RP227\A0032409.dll"
"10/22/2006 1:23:07 PM"
"A0032409.dll"
"84 KB"

"Trojan horse Generic2.ETL"
"C:\System Volume Information\_restore{BD5F5A2E-7091-40AE-A800-57B2BEECA40C}\RP225\A0032399.dll"
"10/22/2006 1:22:26 PM"
"A0032399.dll"
"18 KB"

"Trojan horse Downloader.Zlob.EIQ"
"C:\System Volume Information\_restore{BD5F5A2E-7091-40AE-A800-57B2BEECA40C}\RP225\A0032371.exe"
"10/22/2006 1:21:55 PM"
"A0032371.exe"
"32.5 KB"

"Trojan horse Downloader.Zlob.EKJ"
"C:\System Volume Information\_restore{BD5F5A2E-7091-40AE-A800-57B2BEECA40C}\RP225\A0032129.exe"
"10/22/2006 1:21:01 PM"
"A0032129.exe"
"38 KB"

So...I guess my computer wasn't clean. I ran a complete scan with AVG in mid-September, and that didn't turn up any of these files. I guess only the newer virus definitions could find this.

Here is the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 22, 2006 1:52:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/10/2006
Kaspersky Anti-Virus database records: 233841
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 122500
Number of viruses found: 5
Number of infected objects: 11 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:14:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\806a29fc6636cdfe2ccd10448484c2b4_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80c6a02b5db4e75f319e8261dc3f3cf4_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\813a80aafb45195a1fe07505ff287d6d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81d0a0d78c4e4622f6d3079604877a42_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\825d491ccab634310a572ab1219a4598_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8304ab5fe876f567581f433f86d2618d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\830a86bcfbe985818ad0f4b126dbf3eb_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\834a63e093aa44c58e119f62eb5934d5_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8364f8ec5ec01e497c1f488d9f0a4871_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85f2909eff289bf2aedfc412a135ff3f_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\865d9ae2f67b247ec3e087a186c8476f_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\868580dea45b9e932e49bd6c6a040325_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a596cf647aafac9ea2a2967262ea3ef_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b24df8399b05f472e0d38aea1ff493b_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b70234f235175ae9351cb330fe741c9_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cd575151c75dd4aebc285b14ce0887d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d606dc84e0590f99ee7d57a9fa5f744_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ecaaf40a41cf56f564e7e0fa54f6155_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91e3215548c47898fd63a7650982a9a1_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9332d996282bd2e716c307ecf005f63d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93b5515fa75611ef12c385235d78b4c5_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\943de07152855a3b00d1b673b58d9d3f_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\961351538a8d42b904375afc745c072b_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96ce47f721521c85736d03685a1382a8_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\973eeeaeb23ee5df3df270c39e3cdd9c_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97f87732c55864c948eb00e01c8a44be_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98591bdd1c40a96ae202abf27227e136_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\999c5a2926d8e887e999dcb21b601126_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a344fee96408d6812a4dd39bd2059a9_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d7517bea67188ee6f520945493fdbd9_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9de4a3b6d8cb94a57ebe42f93e6c4576_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9eb058b58d43fccc33ad8f42c5804f68_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9eb661606ffeb9282d493e0191de8b8d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f64a3c9ac0d67166510da0c2eb91a42_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a09b67590b1a0ba48aa91d835b25c43c_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0ba322fcad0b0f1868c96d2d77cc61b_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a393cc23aefe11b97791c821e95f7c9f_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a400c09ca4be8531364d7111581c9ae7_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4c45f3aa1edafd6ddce3a0f37c3120e_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a50eed3f179711107bb7990d0dd05a36_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5887bbc83d2421a024e61d9941912aa_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6c1ed3abd1b26dd826a537f0aa9af3d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a76a11e3116c9bee7c397ff78040aaed_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9fbd78ee91fe3c9cbcbedef38c07c8d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa3a7632cf00a31e6b953271419a946c_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac9523d81cd493585a8a2866c0975838_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad2c9731d8ae569978b152cfe5ad49b4_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\add95aa49219ec3b508ea74f4e51fa2b_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae6870edff95a8faee8d7c12cd4c689f_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0bb8c61155f842d92669c9fe86ae776_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b222087ae7d33109cfd0412709753331_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b22e581ca3093a33405da84f54a4b700_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b39edf1f33701eba049b2d07d8c65cc1_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3c0e331f08eed6dfa9c19102c6959e8_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b407d4c8b68b340e5bf9a1ef43a208dc_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b84ef73110a384f636c6ebb4191c5190_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9434a844fa07d356f4fa5c2dad4efcd_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9683a74eb00bd3a04feed3956d52f56_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9aa079015544c272af4ede105ec8a21_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba0cd888838d465d57d5af827c55bbce_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb23ee35df2fb0ec35d4817a105ae5e2_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bde0aca06354b18f4c354a47532022ad_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf681e1d2fd6d4d92c87161b31e5daf3_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf8aaaff1982ade5f5d94d515362c12e_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bfa514899d5f1a4fbf053997636a369c_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bfa8e6a58f9ae6b70069a9159e929e88_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bfed64ae07feb3948bdefbe11bb81854_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c19efc142d8872be43f18e5de3334258_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2292f7318ff029702ee352bd96c7390_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2aec01d6ce454cd8489a3f27a38587c_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c32b73f98b9287453e1671db339332c2_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c33be9868038fb001ca30a41053ca0dc_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c45cd4ff31716eecd06a7b64d26c4e2b_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7cc8f00049ede0f7ab96c5ff2a219c5_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7d0d703efaba7755c10cdfb34868a4a_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7fc9dcf9b5e5a1e6763edcd29fc1cc2_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c89824b9c2ccce9c6745ee2c7dbd9b13_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8ce763ea450dfaacbc5dc8effedb726_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc7e3279166ae821c554ff5b8b88c7dc_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd801d4b3f7bf7e4ddd61518dc180615_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd838088faa277899cdbb7ebb1d509d9_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce9e15ce44f193b318742b8f23e42bf7_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0a4d77de7eedf2d8238b2cb80a99c91_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0c6c9330130e5556dbfd2770e20d92a_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc3c93a8de0174cc36cd90b58bba6ace_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc4869a2d4bb4bd1cff545df576571a2_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd07fc8b0425a8cdf2d3539f10f68252_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd270f121b51051c1ed6007a7dd90f07_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e54d934a987a1023dfafdc1b6259443d_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e59ee9b7cc9f54419ca9701748a8e8c1_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e69c3b7d633e4b141d0ced9b061eb35f_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e743424adfff18ad6b8d019b10820134_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e825a1fb606b9e5dfe8738cbad72be74_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9cb82cfe429ebcd695e13fd13652f84_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ebf66121785e8fa67acc6baa61296e39_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec6980a4c92133754ca854acac398cc8_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed6ea6b63bccb59e24181bea7d8d5bdd_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edef4c3477fcde5e710ef5273f5d571b_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee7334733dd96f828b113d286a4e645a_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef137e8524dc87712e18cc502ad745ab_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\efe978ab31b1a311646ae0978f57f259_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f011a6763d426c4c2e11159efdfbbba1_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f09cc120c251d1086d862385055e79e6_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f235d6b56ad648159545342b6052dd1c_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2fb73c276302e71080fe3622f299882_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3405cb1d1235b6b5a5b52c7d0d3abb2_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f54aa4d8caefed67ea842abd832cd6d0_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f69592236993544516a3f15f3ec31436_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f763747ed6d94f3448acf48f02ca64a2_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8ab0f167964b75c642cca63b83bd3fa_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9513e58afc37252d8be57b67fd1a268_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9bbd765a19183954c57b94f140f4767_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa21f2abf03d2ac982aa1270d7e745c1_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fbf35a15094c654d9032f05951afb86f_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fbff519b1f1a7146307f0767000be1c1_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc8c4b0b6a32a00f53e77c49f4149714_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd2f333a245d10996c9213fdd0463b04_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe46b5e618c6a827241e0c48145b7740_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe62a28a7e1928501207c079fde8b3ae_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\feb9fd79639422bd950310320190b587_684ac010-822b-431d-b5a9-865e7ff9dd7e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-10072006-224131.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Hasitha_2\Application Data\Thunderbird\Profiles\7m25en0w.default\Mail\Local Folders\Trash/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:11 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:13 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:15 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:17 -0500]/UNNAMED/Reboot.exe_gs Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Hasitha_2\Application Data\Thunderbird\Profiles\7m25en0w.default\Mail\Local Folders\Trash/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:11 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:13 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:15 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:17 -0500]/UNNAMED Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Hasitha_2\Application Data\Thunderbird\Profiles\7m25en0w.default\Mail\Local Folders\Trash/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:11 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:13 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:15 -0500]/UNNAMED Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Hasitha_2\Application Data\Thunderbird\Profiles\7m25en0w.default\Mail\Local Folders\Trash/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:11 -0500]/UNNAMED/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:13 -0500]/UNNAMED Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Hasitha_2\Application Data\Thunderbird\Profiles\7m25en0w.default\Mail\Local Folders\Trash/[From "Hasitha D" <[email protected]>][Date Sun, 15 Oct 2006 09:46:11 -0500]/UNNAMED Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Hasitha_2\Application Data\Thunderbird\Profiles\7m25en0w.default\Mail\Local Folders\Trash Mail Berkeley mbox: infected - 5 skipped
C:\Documents and Settings\Hasitha_2\Local Settings\Te


Edited by Hasitha, 22 October 2006 - 01:18 PM.

  • 0

#10
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Actually your computer is pretty clean. AVG just popped while Kaspersky was scanning your restore folders. Those will clean easily.

Browse for and delete this file:
C:\WINDOWS\system32\ishost.exe_tobedeleted

This folder:
C:\VundoFix Backups

Clean out your deleted e-mails; there appear to be a couple that are infected.

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.

System Restore will now be active again.


Are you still having the shutdown problem?
  • 0
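Separating the few real findings in a scan log like the one in post #9 from the hundreds of "Object is locked" lines, as an added example (not code from this thread or from Kaspersky). The line patterns are inferred from the log lines visible in the thread, the sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the scan log posted in this thread
# (paths shortened, mail headers replaced with placeholders, last line cut off).
SAMPLE_LOG = r'''
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Profile\Mail\Local Folders\Trash/[From "User" <user@example.invalid>][Date Sun, 15 Oct 2006 09:46:11 -0500]/UNNAMED/Reboot.exe_gs Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Profile\Mail\Local Folders\Trash/[From "User" <user@example.invalid>][Date Sun, 15 Oct 2006 09:46:11 -0500]/UNNAMED Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Profile\Mail\Local Folders\Trash Mail Berkeley mbox: infected - 2 skipped
C:\Profile\Cookies\index.dat Object is locked skipped
C:\Profile\Local Settings\Te
'''

# Paths contain spaces, so each line is matched from its right-hand end.
# Assumption: these three shapes are the only ones seen in the thread's log.
LOCKED = re.compile(r'^(?P<path>.+) Object is locked (?P<action>\w+)$')
FINDING = re.compile(
    r'^(?P<path>.+) (?P<level>Infected|Suspicious): (?P<name>\S+) (?P<action>\w+)$')
# Per-container summary, e.g. "ZIP: suspicious - 1". The container kind may
# contain spaces ("Mail Berkeley mbox"), so the path is matched lazily.
SUMMARY = re.compile(
    r'^(?P<path>.+?) (?P<kind>[A-Za-z][A-Za-z ]*): '
    r'(?P<level>infected|suspicious) - (?P<count>\d+) (?P<action>\w+)$')


def parse_line(line):
    """Classify one log line as locked, finding, summary or unparsed."""
    line = line.strip()
    if not line:
        return None
    m = LOCKED.match(line)
    if m:
        return {"type": "locked", "path": m["path"]}
    m = FINDING.match(line)
    if m:
        return {"type": "finding", "path": m["path"], "name": m["name"],
                "level": m["level"].lower(), "action": m["action"]}
    m = SUMMARY.match(line)
    if m:
        return {"type": "summary", "path": m["path"], "kind": m["kind"],
                "count": int(m["count"])}
    # Truncated or unknown lines are kept so nothing is silently dropped.
    return {"type": "unparsed", "raw": line}


def triage(log_text):
    """Count locked files and group findings by the on-disk file holding them."""
    report = {"locked": 0, "unparsed": [], "containers": {}}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["type"] == "locked":
            report["locked"] += 1
            continue
        if rec["type"] == "unparsed":
            report["unparsed"].append(rec["raw"])
            continue
        # Everything before the first "/" is the file on disk; the rest names
        # objects nested inside it (archive members, mail messages).
        on_disk, _, inner = rec["path"].partition("/")
        entry = report["containers"].setdefault(
            on_disk, {"kind": None, "reported": None, "nested": 0,
                      "names": set(), "actions": set()})
        if rec["type"] == "finding":
            entry["names"].add(rec["name"])
            entry["actions"].add(rec["action"])
            if inner:
                entry["nested"] += 1
        else:
            entry["kind"] = rec["kind"]
            entry["reported"] = rec["count"]
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("locked (not scanned):", result["locked"])
    for path, info in result["containers"].items():
        print(path, info["kind"], sorted(info["names"]), info["reported"])
    print("unparsed:", result["unparsed"])
```

Grouping by the on-disk file shows that many nested "Infected" lines can come from a single mailbox or archive, and that "skipped" means the scanner took no action on it.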

#11
Hasitha

Hasitha

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you so much!!!!!!!!!!!!!!!!!!!!!

My computer restarted without a glitch! I was, however, unable to complete part of your instructions. My deleted e-mails are already wiped from my computer. According to Thunderbird, I have nothing in the trash. I looked through the Kaspersky log myself, and used the path given to find the file that stores all my e-mail, and that read as being 1,197 KB. Well, the trash is supposed to be empty. Should I reinstall Thunderbird?

NOTE: My previous post did not get fully displayed...is there any reason as to why?

Edited by Hasitha, 23 October 2006 - 03:31 PM.

  • 0

#12
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
So sorry, I thought I posted to you already :whistling:

NOTE: My previous post did not get fully displayed...is there any reason as to why?

It was probably too big to fit in one post.

I don't use Thunderbird so I am not sure. I wouldn't go to the trouble of reinstalling Thunderbird if it is working as it should. Try Kaspersky again but only scan the folder where it's finding the stuff and see what it finds.
  • 0

#13
Hasitha

Hasitha

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
It's all right. My computer has been running perfectly for the last few days. No problems, no popups, etc.

Thunderbird, just today, started having trouble opening links sent in e-mails. It would freeze up. I'll reinstall. That would be the simplest method.

Anyways, thanks for all the help. My computer is almost back to perfect condition.

Edited by Hasitha, 26 October 2006 - 03:33 PM.

  • 0

#14
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Great, I am glad I could help. :whistling:
  • 0





