Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware/virus preventing connection to internet


  • This topic is locked This topic is locked

#1
Time Mist

Time Mist

    Member

  • Member
  • PipPip
  • 12 posts
Hi everyone.

Well the computer is a windows XP computer owned by my 13 and 15 year old (much much younger :whistling: )brothers. They had no anti virus nor firewall set up, and now the problems appear rife. To make matters worse as soon as an internet connection is made the computer crashes (no BSOD) and restarts. So I have had to copy things from my computer to theirs which I have set up beside but not connected to mine.

I tried to follow your instructions of things to do before posting a log but something were impossible due to no internet connection.

I removed as much as I could of things I googled which I knew to be malware.

I used ATF cleaner.
I copied onto the machine AVG 7.1 anti virus which found :

Worm/Kelvir.LF
Generic2 trojan horse

Smitfraud detected the pe386 problem

I ran Ad AwareSE and Spybot which found 36 possible malware.

I couldn't get online to run the Panda Activscan.

I installed Prevx1 but it will not start as it says that another security product must be blocking activation. But even after turning everything off that I could think of but it still wouldn't activate.

Here is the Hyjack this log.

Logfile of HijackThis v1.99.1
Scan saved at 11:58:22 a.m., on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{941FBDDB-096C-5129-0901-040402250040}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.millenniumtechnology.co.nz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.millenniumtechnology.co.nz
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Many thanks for looking at this

Pip
  • 0

Advertisements


#2
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Time Mist,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#3
Time Mist

Time Mist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Armodelux thanks for trying to help :blink:

I can't get Combofix to work it's error message is

C:\documents~\Matt' is not recognised as an internal or external command

The system cannot find the specified path

I have attached an updated "hijack this" log as the other one was a few days old, just on the off chance you need it and since I can't do as you asked :whistling:

Many thanks
Pip

Logfile of HijackThis v1.99.1
Scan saved at 8:52:50 a.m., on 17/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.millenniumtechnology.co.nz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.millenniumtechnology.co.nz
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#4
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Let's try this, move the combofix file to under your C:\ drive and try running it from there.
  • 0

#5
Time Mist

Time Mist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Nope it still doesn'twork in C: It even comes up with exactly the same error message as before. I also tried downloading it again to C: and running it to no avail. Also tried renaming it on the off chance something was blocking it by no good either.

Not liking the way this is going :whistling:

Pip
  • 0

#6
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Neither do I like it. :whistling:

At which stage did he encounter those error messages? Before the disclaimer?


This is a question I received from sUBs, developer of combofix. Are you getting the error right away? Please give exact sequence of events.

Then look under your C:\ drive, if there is a folder named sUBs, delete that folder.

Next download this different version of combofix.

http://download.blee...aB/combofix.exe

Put it in your C:\Windows folder and try to run it from there. If it runs, please post the log.
  • 0

#7
Time Mist

Time Mist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

At which stage did he encounter those error messages? Before the disclaimer?


This is a question I received from sUBs, developer of combofix. Are you getting the error right away? Please give exact sequence of events.



I double clicked on Combo fix, it went straight to the dos prompt/command promt window. It showed the black screen with C:. There was a pause of a split second then the error message came up. Because I couldn't see the message properly because the prompt shut down almost instantly, I then went to the command promt in start - programs - accesories. I went to c: and typed combofix.exe. The same error message came up.

Then look under your C:\ drive, if there is a folder named sUBs, delete that folder.



Nope no folder sorry.

Next download this different version of combofix.


Put it in your C:\Windows folder and try to run it from there. If it runs, please post the log.


The new Combofix didn't work either it came up with exactly the same error message in the same way.


BUT! I have found a way round this error and combo fix is running at this very minute but I don't know if it was the right thing to do. Because the error was relating to the administrator account of my brothers' I created a new administrator account and ran the program from there. Combo fix worked so I decided to delete the offending Administrators account. I know this doesn't solve any problems but at least I can run Combofix now. (That what happens when you mess with a women she cleans house :whistling:)

Below is the Combo log (woohoo)


Me and thee - 06-11-19 18:30:51.81 Service Pack 2
ComboFix 06.11.18W - Running from: "C:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


\Documents and Settings\Me and thee\Application Data\Lavasoft\Ad-Aware\description.ini
\sUBs\TSF\LIST-C.bat
\WINDOWS\system32\dllcache\rmcast.sys
\WINDOWS\system32\drivers\rmcast.sys


((((((((((((((((((((((((((((((( Files Created from 2006-10-19 to 2006-11-19 ))))))))))))))))))))))))))))))))))


2006-11-19 19:21 200,064 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2006-11-19 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-11-19 13:55 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Macromedia
2006-11-19 12:46 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Lavasoft
2006-11-19 12:24 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Google
2006-11-19 12:00 <DIR> d-------- C:\Program Files\Grisoft
2006-11-19 10:04 <DIR> d-------- C:\Program Files\Documents
2006-11-19 10:01 <DIR> d-------- C:\Program Files\Documents from matt and cam folder in docs and settings
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\SendTo
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Recent
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Application Data\.
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Application Data
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\Start Menu
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\My Documents
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\Favorites
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\Templates
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\PrintHood
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\NetHood
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\Local Settings
2006-11-19 08:27 <DIR> d---s---- C:\Documents and Settings\Me and thee\UserData
2006-11-19 08:27 <DIR> d---s---- C:\Documents and Settings\Me and thee\Cookies
2006-11-19 08:27 <DIR> d---s---- C:\Documents and Settings\Me and thee\Application Data\Microsoft
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Desktop
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Symantec
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Sun
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Prevx
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Identities
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\..
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\..
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\.
2006-11-18 16:02 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-11-18 14:18 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-11-18 14:18 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-11-18 09:20 802,822 --a------ C:\combofix.exe
2006-11-16 11:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 14:47 <DIR> d-------- C:\Downloaded Program Files
2006-11-14 19:29 <DIR> d-------- C:\Program Files\WAR2
2006-11-14 11:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-13 18:50 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-13 16:49 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-13 16:49 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-13 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-13 16:49 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-13 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-11-13 12:13 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2006-11-13 11:08 <DIR> d-------- C:\HJT
2006-11-13 10:28 <DIR> d-------- C:\WINDOWS\ZoneLabs
2006-11-13 10:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 09:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-13 08:25 <DIR> d-------- C:\Program Files\Zone Labs
2006-11-12 22:48 <DIR> d-------- C:\Program Files\SpywareGuard
2006-11-12 21:23 <DIR> d-------- C:\WINDOWS\pss
2006-11-12 19:26 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2006-11-12 19:26 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2006-11-12 19:26 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2006-11-12 19:26 272,256 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2006-11-12 19:26 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2006-11-12 19:26 13,568 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
2006-11-12 19:26 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-11-12 19:26 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2006-11-12 19:26 <DIR> d-------- C:\Program Files\Prevx1
2006-11-12 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2006-11-12 17:15 2,392 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-12 14:32 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-11-12 14:31 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-12 14:28 <DIR> d-------- C:\Program Files\Anti virus programs
2006-11-11 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-11 14:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-08 17:28 <DIR> d-------- C:\Program Files\Starcraft
2006-11-05 18:02 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-23 19:30 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard
2006-10-23 19:28 <DIR> d--hs---- C:\WA6P
2006-10-23 19:27 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-23 19:27 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-11-19 19:21 -------- d-------- C:\Program Files\Common Files
2006-11-19 11:54 -------- d-------- C:\Program Files\Common Files\System
2006-11-19 11:49 -------- d-------- C:\Program Files\Nodtronics Pty Ltd
2006-11-19 11:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-19 08:27 -------- d-------- C:\Program Files\Windows Media Player
2006-11-15 16:29 -------- d-------- C:\Program Files\TrackMania Nations ESWC
2006-11-15 11:48 -------- d-------- C:\Program Files\Internet Explorer
2006-11-15 11:45 -------- d-------- C:\Program Files\Messenger
2006-11-14 20:11 -------- d-------- C:\Program Files\Google
2006-11-13 19:02 -------- d-------- C:\Program Files\Railroad Tycoon II - Gold Edition
2006-11-13 18:58 -------- d-------- C:\Program Files\Beachhead 2000
2006-11-13 09:47 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-12 12:11 -------- d-------- C:\Program Files\MSN Messenger
2006-11-12 12:10 -------- d-------- C:\Program Files\MSN
2006-11-11 15:17 -------- d-------- C:\Program Files\Quick Time
2006-10-14 01:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 18:36 -------- d-------- C:\Program Files\EA GAMES
2006-10-08 08:58 -------- d-------- C:\Program Files\UnrealTournament
2006-10-01 18:34 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-01 18:29 -------- d-------- C:\Program Files\Serious Sam 2
2006-09-13 18:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-26 04:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 20:08 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-22 01:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 22:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-09 19:29 1108550 --a------ C:\Program Files\crocodile clips.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"LTMSG"="LTMSG.exe 7"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RegistryMechanic"=""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media\LEGO Stunt Rally]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media\LEGO Stunt Rally\StuntRally.exe]
@="C:\\Program Files\\LEGO Media\\LEGO Stunt Rally\\StuntRally.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-19 19:22:30.21
C:\ComboFix.txt ... 06-11-19 19:22
C:\ComboFix2.txt ... 06-11-19 11:23
C:\ComboFix3.txt ... 06-11-19 08:51
  • 0

#8
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Until we figure out what's going on, please don't run combofix again.

Do you know what these are?

C:\WA6P
C:\Program Files\crocodile clips.exe

The first one is a hidden directory under the C:\ drive, you would need to enable viewing of hidden files to view it.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

If you don't know what those are, if they don't belong to any program you use, delete them.

Now please copy the following text in the code box to Notepad. Make sure there is no empty line above REGEDIT4. In Notepad go to File > Save As. Name it Fixit.reg, in the drop down box at the bottom choose "All Files", and save it on your desktop. Then double click on Fixit.reg and let it merge with the registry..

REGEDIT4

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=-

Download
http://www.uploads.e...et/rustbfix.exe
...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.
  • 0

#9
Time Mist

Time Mist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
[quote]Do you know what these are?[quote/]

C:\WA6P
C:\Program Files\crocodile clips.exe

I deleted WAP6 as I didn't know what it was and it did not appear to be a legit program. Crocodile clips is a legit program.


Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.
[/quote]

Yes two restarts. Here are the logs


************************* Rustock.b-fix -- By ejvindh *************************
Mon 20/11/2006 7:58:26.89


******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....
Examine the Avenger-logfile in order to assess the success of the unload-procedure

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************************* End of Logfile ********************************




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\usvwcgpq

*******************

Script file located at: \??\C:\gviuowln.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 8:11:56 a.m., on 20/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\regedit.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.millenniumtechnology.co.nz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.millenniumtechnology.co.nz
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#10
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Ok, good, the rootkit pe386 is gone.

Now let's do some tidying up and then try a brand new version of combofix.

Open a command prompt (Start > Run and type: cmd)

Copy/paste the following line into the command window and then press Enter.

copy "C:\WINDOWS\system32\drivers\rmcast.sys" "C:\WINDOWS\system32\dllcache"

Type: exit to exit the command window.


Now let's reset your restore points.

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'

Next goto Start Menu > Run > type

cleanmgr

click OK, when Disk Cleanup opens goto the 'More Options' tab and press 'Cleanup' on the system restore area which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


Update Java
  • Go to Start » Control Panel » Add/Remove Programs.
  • Search for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • Click that entry and then click on the Change/Remove button.
  • Then download and install the newest version (Java Runtime Environment (JRE) 5.0 Update 9) from here.
  • Reboot.
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Delete the latest combofix you downloaded into C:\Windows

Then download the new version:

Download this file - combofix.exe

In this new user account see if you can run it from desktop. If not, move it to C:\Windows and run it from there and then post the new log.
  • 0

Advertisements


#11
Time Mist

Time Mist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Done done done and done :whistling: I have followed your instructions to the letter and below is the new combofix log. It started with absolutely no errors. Thanks again so much for helping me with this.

Pip


Me and thee - 06-11-21 15:14:31.29 Service Pack 2
ComboFix 06.11.19W - Running from: "C:\Documents and Settings\Me and thee\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-21 to 2006-11-21 ))))))))))))))))))))))))))))))))))


2006-11-21 12:12 <DIR> d-------- C:\Program Files\Java
2006-11-21 09:14 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-20 12:17 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-20 12:17 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-20 12:15 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-20 12:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-20 08:05 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2006-11-19 19:44 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-19 19:44 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-19 19:44 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-19 19:44 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-19 19:44 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-11-19 19:44 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\AVG7
2006-11-19 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-19 19:21 202,240 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2006-11-19 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-11-19 13:55 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Macromedia
2006-11-19 12:46 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Lavasoft
2006-11-19 12:24 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Google
2006-11-19 12:00 <DIR> d-------- C:\Program Files\Grisoft
2006-11-19 10:04 <DIR> d-------- C:\Program Files\Documents
2006-11-19 10:01 <DIR> d-------- C:\Program Files\Documents from matt and cam folder in docs and settings
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\SendTo
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Recent
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Application Data\.
2006-11-19 08:27 <DIR> dr-h----- C:\Documents and Settings\Me and thee\Application Data
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\Start Menu
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\My Documents
2006-11-19 08:27 <DIR> dr------- C:\Documents and Settings\Me and thee\Favorites
2006-11-19 08:27 <DIR> d--hs---- C:\Documents and Settings\Me and thee\Cookies
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\Templates
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\PrintHood
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\NetHood
2006-11-19 08:27 <DIR> d--h----- C:\Documents and Settings\Me and thee\Local Settings
2006-11-19 08:27 <DIR> d---s---- C:\Documents and Settings\Me and thee\UserData
2006-11-19 08:27 <DIR> d---s---- C:\Documents and Settings\Me and thee\Application Data\Microsoft
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Desktop
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Symantec
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Sun
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\Identities
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\Application Data\..
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\..
2006-11-19 08:27 <DIR> d-------- C:\Documents and Settings\Me and thee\.
2006-11-18 16:02 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-11-18 14:58 68,978 --a------ C:\WINDOWS\system32\lzx32.sys
2006-11-18 14:18 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-11-18 14:18 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-11-16 11:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 14:47 <DIR> d-------- C:\Downloaded Program Files
2006-11-14 19:29 <DIR> d-------- C:\Program Files\WAR2
2006-11-14 11:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-13 18:50 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-13 16:49 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-13 16:49 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-13 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-13 16:49 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-13 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-11-13 11:08 <DIR> d-------- C:\HJT
2006-11-13 10:28 <DIR> d-------- C:\WINDOWS\ZoneLabs
2006-11-13 10:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 09:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-13 08:25 <DIR> d-------- C:\Program Files\Zone Labs
2006-11-12 22:48 <DIR> d-------- C:\Program Files\SpywareGuard
2006-11-12 21:23 <DIR> d-------- C:\WINDOWS\pss
2006-11-12 19:26 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-11-12 17:15 2,392 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-12 14:32 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-11-12 14:31 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-12 14:28 <DIR> d-------- C:\Program Files\Anti virus programs
2006-11-11 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-11 14:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-08 17:28 <DIR> d-------- C:\Program Files\Starcraft
2006-11-05 18:02 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-23 19:30 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard
2006-10-23 19:27 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-23 19:27 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-21 15:20 -------- d-------- C:\Program Files\Common Files
2006-11-20 12:24 -------- d-------- C:\Program Files\Internet Explorer
2006-11-19 11:54 -------- d-------- C:\Program Files\Common Files\System
2006-11-19 11:49 -------- d-------- C:\Program Files\Nodtronics Pty Ltd
2006-11-19 11:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-19 08:27 -------- d-------- C:\Program Files\Windows Media Player
2006-11-15 16:29 -------- d-------- C:\Program Files\TrackMania Nations ESWC
2006-11-15 11:45 -------- d-------- C:\Program Files\Messenger
2006-11-14 20:11 -------- d-------- C:\Program Files\Google
2006-11-13 19:02 -------- d-------- C:\Program Files\Railroad Tycoon II - Gold Edition
2006-11-13 18:58 -------- d-------- C:\Program Files\Beachhead 2000
2006-11-13 09:47 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-12 12:11 -------- d-------- C:\Program Files\MSN Messenger
2006-11-12 12:10 -------- d-------- C:\Program Files\MSN
2006-11-11 15:17 -------- d-------- C:\Program Files\Quick Time
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-14 01:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 18:36 -------- d-------- C:\Program Files\EA GAMES
2006-10-08 08:58 -------- d-------- C:\Program Files\UnrealTournament
2006-10-01 18:34 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-01 18:29 -------- d-------- C:\Program Files\Serious Sam 2
2006-09-13 18:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-26 04:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 20:08 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-22 01:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 22:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-09 19:29 1108550 --a------ C:\Program Files\crocodile clips.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LTMSG"="LTMSG.exe 7"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RegistryMechanic"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media\LEGO Stunt Rally]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\C:\Program Files\LEGO Media\LEGO Stunt Rally\StuntRally.exe]
@="C:\\Program Files\\LEGO Media\\LEGO Stunt Rally\\StuntRally.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-21 15:21:26.00
C:\ComboFix.txt ... 06-11-21 15:21
  • 0

#12
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
That's good news. The errors should have been due to that old account being corrupted, but that makes me wonder if something else in the system may be corrupted as well. Let's run the System File Checker just in case.

We are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files:My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your windows XP CD, and you do not have the CD (If you bought it preinstalled) post back for more tips, otherwise enter Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.
Let's also run an online scan.

Please do an online scan with Kaspersky WebScanner. If you have any quarantined items in your antivirus, please delete those archives before the scan.

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#13
Time Mist

Time Mist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Armodelux


During the scannow scan it didn't ask for the winxp disk or anything. It just did it's thing and that was it :whistling:

Here is the log for the online scan.

Pip


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 23, 2006 3:23:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/11/2006
Kaspersky Anti-Virus database records: 244112
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 83231
Number of viruses found: 1
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:54:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00085a2ad6d2a8bc9d44f621a172da6f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\002941856ea74908aac4f7a1e5277c07_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02520072a1fc1ce790a4481da2cba627_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0377ed91adc23a80d1543fbc8246c3b3_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0436db3f9ed8043297bb047df5f2aa13_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\047b37359f2cf4e9005d667c48b36234_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\072df4abff5dc670ee76793550e05e79_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07ef13ffa210f4e38f1dfd3e3dc43d0d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\080c77843a59c15e3db96bbda9b7324e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0914c85c257ceeb07294090e57877b84_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\095560eb22d447f130a5e8fa26e5ba1c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ad8421b3820570775548ef62af271ee_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b135e540386fb350903f966959540f0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0bb1c32e931b083623cace64fe03866d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c36e7169ac8d72222796c9674e50d6c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c45ce3f160f2a36a64962471be38661_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0caf5858433e2b0a21d49a61437dfa0a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d0b0f27233c5f075ae346f80f1cdb40_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d7ff330d6592187508aa45f7f4feb96_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e73ee03af19c0ce89b9562ff0ddd5f1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f5eb2f15074216f111e7afbdb94b8e9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\105ad6996d42e2a8c233e992f5bdc651_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\110db0ec034a19531487161d4c4c3370_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\11c9f8380ffa638421d1e32e09d5d29a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\122d1ddc7209478526d3f44bdbdf53fd_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\123509d791e421401c736f23f96a1544_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\123c42a87a483dd2b61b286208415e2a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12d7bf6ffb5803cd759f58cce14d2b4a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13aaecbebf904a35f844604e1357eb99_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13c444f47990fde5de92c90fd3c6c58c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13c6ee498050a83d0491e4c6afe854c6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13f67cd22b136ae8587b4088c030d353_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14196ccb00fc427d0050cc133196f3c4_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15494d4e709ee7064e2d40c5e84ccbd3_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16109096002869deab061d2f7338f562_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\163b9c126057b500079412571baa5573_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\171cf505acfed1a1402a1f134f4a795a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17caa4d182f25dc3efdb516cb01cce88_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\183edaa593ea58f86afc827599414e58_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18c75bbfc5954d34cf184843085870a5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18cda8fdcf4e927c6976035ea957b015_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\193a8148358eb2ce14121ecf0a2ffb4c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\193aa03ba9d153b6361bd5069033c9d7_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\195b4a8557b0c683323d6dee7c1f0e6f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a4f3e7d59a403b4230e5b65c677f248_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a896c0163ea4c59bcf405b6c8266c93_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ad84641990dec4e850a8b89d939a947_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b34904c7ea802526152ad3a7a3c81c1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1bc702c520f1ba7d5af900919f62ab8b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1bf5d11d31c26a49417934df4f7ea8cf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c8f59433d0520a6bff664979410ce43_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d22097e39e63b8345c6502f9f0cc685_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e5b9ac68a71cba3f87e84888bdad9b3_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\204ddb4020c888ad1916edb5c9ba5ed5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2052dd09c1143ffdbb3b2ec1414e410f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2056d4cce824a9ee6d6449ece32c12b2_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2117344f5dd0dcacb405ab595e205cbf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\231500b08ecc3c7f04457eaa1c1be81f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23dcb38d74ffc63f327715acfad18c6b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23e97844c98606c95ef1edc5b3b8929b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25941f7aa6a5aafdc7613a2620d4b276_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25a9229bf957fc4ae864f6c08d3050e1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25d89febb76f423ff4671980779fa9fc_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\265786bf57d5e02f36db9dc060d9de4f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26833fb0e6154b04929020a504265ea9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26925b9bd247d26406427b64d9cda437_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26d2cc1848be8627821bb00ab52cec30_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2737dcdba934a997b734d5ab7da87bd9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2784fefb7b9af791e1673161b8871aff_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2793034c5a1a0cce1474af184b2c3447_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\28bd4bdad300d46f358d73ca44ca1fab_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29126a5c0b6b526c1d4c478da3dd19c5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\296d65cc99ecf27234ea66ef8895e6e4_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a12fb692fde3c42a63c62ad0174276c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b6e3df6dfc65be18a7b85ee005cbbd4_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2cae1f6fe3468097c4dd7a7ca04ef249_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2cc97d583d3dc877f284b9aa6b079adb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ce0c4f518168591ecf130c6bea236bd_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ce0d2ab567e2f25d7585ee14995aca7_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ce176bc4b2ecee8465f1c5bb5eeb97b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ddbec426725763f296c20143a7445be_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f31160d8ac4c7e695ecf98bdc0d6abf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f392ca86d99cd14b644bd22b5c79792_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3045d19490372c439860908ae27f0d53_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3112d62ee2a2c289ccbf1c16a7f7ccfc_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\319646e21458fbab39849c9a61ad44b0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33ec4314534f16693cbe387923891ccb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34460d7139817cd0d9c06f91ec0fd131_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3478c1a8c1169685e3a5eafd2efc7eba_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\354a85b440d0d4f32de6f4ced7f7f52e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\36c479895a4ef60f6908dc9ac4e4b443_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\370e14e5ed40d70515722a637d5806b5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\372e15c62d5a70e39e9e35b044eaadc9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\378b4315223f8ec7a87851c8386c4ccc_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\38d04532e0694f52ea8daf2314f5dfea_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3946033e9c850cc479f987288eee6271_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3962919b866ac5df5b3d3520e479dda2_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39fdfbde931b836ba2bbcb830d1fc54d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a5434253f2b895fb5c01008fdc75fc4_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b28fcccef7078c0605bb18eb760563a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3bfdfca0dfe24f2959b1040a41b6aff5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c03047952fef9d31e28d8ba65388b38_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ce1f267f7c7640afd406bae8713b60c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d4a5ab1b0c63724fbc2e661a641202f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e2abe3c031cae7ce1e5cbe23ebe8c32_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e8e40070e1a4efc93abc4692320ac00_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fdf7ea2c3b6af3b864213093c30b924_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4046588d109b1cebe607c674aecdbe34_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\406d3eb0c03cc42782ed980544891a84_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\414eb67239d63cdecbba3f3e4485299d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42b19df60978ccba7bacb2770eeae6c5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4348402eee553301e92eb958b5c37dd0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43d2284609b15a5f673d6e5f69d89eee_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4484327cac4fc576c24e2d5c40abe41b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4576f5483a2d4c73a2623d95ad8088d6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\45a1cbe73c741cd20c0ffcb4473e9f71_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\461dd3f92e5e1da7e01e656c89ec1106_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47a6b4dd354f2817a5b5eb1664e74caa_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47d17b3c1fb33a4fe94ae7172de736fd_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47fc002d22ddfe25a357db4aa83e2e00_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4869c6e6afc667368a88320687d5c952_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48b945854850bba0c791e18e6e230609_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48f126d0fbf94494ca6057594ab08489_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4901d8c402d22cb17d5b97a8240a5296_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\49c5ae499a2ea2705c588a1d6289792e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a6dc5d1176bd99a5e95ccc12eadda67_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a701d7ae7c1b41195d61e56ff4657ee_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b3460caa2ddefe477288dd39015e666_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b5a0885e55945cb0da935af56e98cbd_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b6e787283ea7cdf8d7097747e197c4a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c442b50d786a8c36ea219f49357b589_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c4c01fb3340f59bc990ef5e69eb0e3d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c9b4d8197390d623776a1fbdd881ed2_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ccf83bc3db8b664aeec87fa47a7b2c2_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4cf2be93b2d4d303be242ede45fdd395_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e60d5105a8091e2d1d9cdbeb89b81ef_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ec2bc3f284e69639075f4bdc7c1fca1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ee1496468ce8d283edacd1e713276b8_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f3198abc336fd8dcd0c49570c602d72_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f8aacb23246f34fae1dac622459b3b1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\504f494d3cd26aa088ec2db4fc646a84_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5126ca3b6d14abf0592f690f7deaa40f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\512cfaa3ed37148dce2b1f5373fe4fcb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51d28aaeb64b5a7fb37e43c60602431d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\522d7cf2590d7a3f0b78ccb2cddc4b75_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\53d899e8205380d51c5a29d310c578d5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54247d3198d16dd8f45864caa34a5755_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54ac53491f1d23620a667e82207cc746_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\550facd8a5a54aa657359d34625e81e8_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55edd0c0fe7fcfb3b76700c65b4bc3b0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\567f2e448f8b0715c90701ec0fd2a4a7_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\574cb36a9e6454b73207f5dbc4096353_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\576db5e8baffb186804e40c683633d5a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57e6ae489065124f05c5450880c78c23_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5825aac85859fc97dc32c7a3623a8829_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\587ed54a96caa672c6d6af90dc6ef7cc_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a247b630cdef307390a0aa8127c3f1e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c9b17ad93e57d679b4e9fed36b626dc_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ceeefe187b96cf1f7d6c85cf764f43e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5dd129fd6d2281e1a359af5cd41bdebc_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ded5c14e6ad651670fe8747d9f8a9a1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f7937e0c48609696c2a13734ea4883d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60737d375ac6ae953caa991a3d027dd9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60af62f4bec77355cb9ce35ea08f1989_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60e457c0460589a6c7443affc0567e4e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\61be862677ff8be538a0a230f45b9266_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\64d626cc6d59dd0aa20f8e993a57fd48_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67ed94d9ec0a77bc375c99242707f651_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6804079b4a9b5561a7451240787f128a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\687fa1bef4851e6cd0f08faca876c8c5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68c0d836b29db04813a136b390c721bc_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6aab0a82733cda356ae71121c884dfa0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ae31f0d608c381b7de32f68483e123f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b10942ed1956893ec9d207cd62bb3d6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b7c5ef6948259f8708855baad352e66_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d3fd4880b258232b2f2edb85b1c576c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d813335c3ef583155e08a8dd49dad45_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6db8406b18a71410ece9640a8654f2c1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e88c65e289cd801260b9aa137e89205_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f1ebeac8c27dc732eacd8a92856fcc7_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f41d9a4c6e62f99322f44a630624789_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\704f7ef1a47e9d3612b8609ab7e6937a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70efe4c1d0fcd7bbc51464b6211cd393_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7147da5d880982c657a9ae35257820a2_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72722b2ca13bb7859e49c92f1b4b8699_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73a2a81d604b297451aad85d4547e3e0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\744fb9eed5f7b182858b37c290e9d8b1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7542b2c79278c8cdd896ef7f336f5ad6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\75e9b50dfa505600889754495bea14a6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\773d96f47ac1aaa158dc9792da47fc1b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77779ecc3babf1aba32132f79b02b1ae_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7790cac94e747e71bbb6437d963264d5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\781b762a141e330c4478c301554887fb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\78a783160a37cb9811ef5d96bdb3abd0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\792116f90e73844be231e9bbc261dbfb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79679ef067de5622427298cbbabf4e43_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7984e7b9a24e2a85b9c80b8135c2f8b6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a8384df651e929b210df9f82ca97ae9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a946888b12cdcc0acc1aff34e81f470_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7af73357aec0803a842d4bda4a8d0328_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d25a662731cac7b2784bd4d88a1f261_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f41324c752b7021aaf1fd3b3c817699_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f95f6c7b11b988ddb267701d70ae4aa_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fe1d30170fd891828359c4360e6af94_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80927b0620c24abe8dcdeee2512c4c18_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80c1b55d251834ba32c7d8f70006f9b9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80ed5268a25ac8da999dd84da04f2af9_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\813de3423e36d04a06f5253f7d781ea5_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81ac91fd41098731bc68f35b1733ed21_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8230cadf5eb3725b9280b59ed65ee91e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\825ad44285717c24f4360bc8f18000cf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8270314d9ca30ca7fa03d738e7731eee_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8354842070d987ccb4a11492172b2853_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\83a7770a25829b279e8a5239b742452e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8491405a37d8c51833df1a692aefc5bd_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84c32623abc93227dc1db9b17f6e40cf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\852af30721a947cf9e45f4080f69f86a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\854c4b4016e8bd254f585dc252c35e2b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85660c3bf7d423a006cf80d274bce7a3_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85d46664682644b805779e34f32c26fb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86df2b5e4fc6f1abb6f258c9d7a1ed7b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\876d417ee56e7d08706ce18318e0a9cf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88bd13ecbdc1c3ccf5caf078517e8388_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\893d2a1be8b431d845bc0b43a2dc0f35_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8addf512126d7e76b27e6c4fcfa3895c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8aebe20876fe17c5e882e013f47786cf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b4f8fe4f6a3de8f918600ea8677e717_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bb20fa0b209b1044988bd9db9e2150a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c3bb56a27ce447aa9be0ce6c611c2f1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cd9803772771065a09ee4a778c3980d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d0a1640c234e38b5e2a3e33680b3d4a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e9fe3ed4676ea7b7d696023b7a84bd0_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8efe36e57c1c50bf342e178e6f5e93cb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8f5a226e3ee7b6f28b65cdf22b8f11f6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\917f53f7ca1320b3818502e939b920eb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9197f8b1d3ca24ae1c6125a8b6d12f71_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91ade6952c5162f219bbbba23b6f881d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92a6282419e9a82379ce4441690e466c_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92e9683ebeb91f818409373ae82f872f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92ff835a29cd22a663e018ac3bc7f1b8_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\933a8d6a9b408ebf98e26ae183d1d3a6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9494bac430700a680617b374f18a8034_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94d72f08ffd950b4084e8e5b15f63f7d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\95da0164cb5b9697f476b3f354d87b61_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96e12fb3257f8f803d774076748ec145_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\972d348b331a7bfd784d0008247d0844_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97aa30b6c717b17632700e5e60389340_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9843232f593b2548384295fdddaf471b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\989056ba5bf736fcb4007a0925549b56_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\99364ce091c65652ee829afe0c8f9596_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a14943d2431370fb6375c41de5440c8_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a53ed510679ae27769334baaff0caf7_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a833bcec9bf3a847a96b4fb5145b7f6_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c17e3f437d8f5d5561fd6ac546196ab_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ca5b18c3166963e75b49cc400b0fdac_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d6bda4e0ab5d7adf9d83311fbd0fd02_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d8e491db9b1e7b0cd3ece82f842af23_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e1d9e7abf5b8d9435bdd764f8571d47_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9eb67dc7b6dd32ce8768f660a01c9151_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ef4a9cff19ef55308646dfb092b44fb_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9fdd10452f71d7b48d227ee309223ec8_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0683be24b090ce0d4b1271f85d00814_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0ec5fa19630b5d44aebcdee5162285a_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1af009de9785cec5f32b262ce65d56b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a277308eba6eea4a0062768327cbe4c1_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a294a93b610bbc82ca9e82aceb3a2e69_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a38e6b4add680ae0c9ca3b41bd7a7bd8_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5319c4d91dacfd5bccccc7fc9935766_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a603f8581c3433f430fc02079b6d651b_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a67891d888102012186e7ad3a9d9c8f4_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7ac5479875fc9ea7bc19eeeabb47530_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7c1ca988078bab7a8c095777d77b814_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7ca468b9f8e5d9006ae2f4a5adcf4aa_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8211db5a57a79076a0f8d8d57458a1d_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a90843ab92ecc77c9730a3fadb486c64_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9c9ae32e4e96b616972da0d67b8c10f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa29d8c67a4d3a7b6612d2f069ef422e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa8e3c16d9175bbd793c8202faab2a8e_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab2a64d6fb15b32a9fb121f8708116b7_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac8d17debc43bc76f02ca95d919d3648_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acfc7492bc24aac00abcfaf787e537bf_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad04bcd4a489651bf571358b440e7d7f_c6c630d3-f5af-4e53-9155-054dbf227592 Object is locked skipped
C:\Do
  • 0

#14
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
The log got cut off cause it was too long.

Please find the section where the entries starting with

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto

end, and then post the rest.
  • 0

#15
Time Mist

Time Mist

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry about that. BTW yesterday afternoon during a routine AVG scan Trojan Horse Clicker.DOH turned up agan. The path is c:\WINDOWS\system32\Izx.sys. It also says it was a backup copy. This one came up a few times when I was trying to clean the system when I first got hold of the computer. But am not sure why it has suddenly turned up again now after all the cleanup we have done, and the internet is pretty secure on the computer now.





C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Me and thee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Me and thee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Me and thee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Me and thee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Me and thee\Local Settings\Temp\~DF8C1E.tmp Object is locked skipped
C:\Documents and Settings\Me and thee\Local Settings\Temp\~DF8C31.tmp Object is locked skipped
C:\Documents and Settings\Me and thee\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Me and thee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Me and thee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Me and thee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AFBAC266-5C74-4066-BBD0-C90EC01B0B54}\RP6\A0002775.sys Object is locked skipped
C:\System Volume Information\_restore{AFBAC266-5C74-4066-BBD0-C90EC01B0B54}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\NEWERCOMPUTER.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_Agere Win Modem.txt Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT00bed.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT00bf0.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP