Win32.Darksma Trojan, Vundo.generic & Virtumonde [RESOLVED]


  • This topic is locked

#1
nicknikolovski

  • Member
  • 11 posts
Hi guys, one week ago I went on the Internet to check my emails when all of a sudden I got hit with 3 different viruses/spyware. I have used my Anti-Virus software and a number of spyware removers but to no success. As soon as I clean all these problems up, they come back within minutes after going back on the Internet after a reboot.

Please help. I have uploaded my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:32 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [BM1347c6d3] Rundll32.exe "C:\WINDOWS\system32\ooaswaol.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [PAC] Automatic Proxy Configuration
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119872620781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145427230828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.ho...ex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

--
End of file - 6591 bytes

Thanks in advance, Nick


#2
Rorschach112


  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3
nicknikolovski

  • Topic Starter
  • Member
  • 11 posts
Hi Rorschach112, I seem to have removed the viruses by completing a Full Virus Scan, deleting existing registry keys that I found in RegEdit and also using HiJackThis. I seem to have fixed it for now.

Thanks for the quick response, I will see how I go in the next few days. If I get into trouble I will seek further assistance.

Thanks again, Nick

#4
Rorschach112


  • Retired Staff
  • 47,710 posts
Vundo isn't removed that easily

You should go and follow my instructions

#5
nicknikolovski

  • Topic Starter
  • Member
  • 11 posts
Ok then, will do.

#6
Rorschach112


  • Retired Staff
  • 47,710 posts
Ok let me know how it goes

#7
nicknikolovski

  • Topic Starter
  • Member
  • 11 posts
Hi, I carried out the ComboFix Scan. It proved to be very successful. Here is the log of both ComboFix & HiJackThis as requested.

ComboFix
ComboFix 08-04-20.5 - Nick Nikolovski 2008-04-25 11:49:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.627 [GMT 10:00]
Running from: C:\Documents and Settings\Nick Nikolovski\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\GhgOqBeg.ini
C:\WINDOWS\system32\GhgOqBeg.ini2
C:\WINDOWS\system32\gNnqWvut.ini
C:\WINDOWS\system32\gNnqWvut.ini2
C:\WINDOWS\system32\icjqkwul.ini
C:\WINDOWS\system32\ieehgdwg.dll
C:\WINDOWS\system32\JTEKlUtv.ini
C:\WINDOWS\system32\JTEKlUtv.ini2
C:\WINDOWS\system32\kdknjhjr.dll
C:\WINDOWS\system32\kjllmnmp.ini
C:\WINDOWS\system32\kjllmnmp.ini2
C:\WINDOWS\system32\lafdktyi.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nmnnmnnn.ini
C:\WINDOWS\system32\nmnnmnnn.ini2
C:\WINDOWS\system32\Nnmmonpo.ini
C:\WINDOWS\system32\Nnmmonpo.ini2
C:\WINDOWS\system32\rhawkrto.ini
C:\WINDOWS\system32\rtdtndrv.ini
C:\WINDOWS\system32\sssYayay.ini
C:\WINDOWS\system32\sssYayay.ini2
C:\WINDOWS\system32\UpMedia

.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-21 20:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-21 20:02 . 2008-04-23 22:50 <DIR> d-------- C:\Program Files\Hijack This
2008-04-21 18:57 . 2008-04-21 21:14 354 --ahs---- C:\WINDOWS\system32\ifynlvlc.ini
2008-04-20 13:56 . 2008-04-20 20:16 526 --ahs---- C:\WINDOWS\system32\jietuewf.ini
2008-04-19 18:54 . 2008-04-19 18:54 294 --ahs---- C:\WINDOWS\system32\mmdhvcph.ini
2008-04-19 14:49 . 2008-04-19 18:44 406 --ahs---- C:\WINDOWS\system32\fgtohwhp.ini
2008-04-17 21:04 . 2008-04-17 21:04 294 --ahs---- C:\WINDOWS\system32\jauuxbdk.ini
2008-04-17 19:39 . 2008-04-17 20:50 354 --ahs---- C:\WINDOWS\system32\weabxwvk.ini
2008-04-16 23:25 . 2008-04-16 23:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-15 19:18 . 2008-04-17 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-14 19:20 . 2008-04-21 20:16 109,042 --a------ C:\WINDOWS\BM1347c6d3.xml
2008-04-13 20:29 . 2008-04-13 20:29 <DIR> d-------- C:\Program Files\VDMSound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:41 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3677.sys
2008-04-21 10:21 --------- d-----w C:\Program Files\Java
2008-04-17 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-29 01:21 --------- d-----w C:\Documents and Settings\Nick Nikolovski\Application Data\Vso
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 01:19 --------- d-----w C:\Documents and Settings\Nick Nikolovski\Application Data\ITEDO
2008-03-15 01:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-15 01:16 --------- d-----w C:\Program Files\ITEDO Software
2008-03-09 09:21 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-03-09 09:16 --------- d-----w C:\Program Files\LiveUpdate
2008-03-02 03:00 --------- d-----w C:\Program Files\Bonjour
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-01 06:15 87,608 ----a-w C:\Documents and Settings\Nick Nikolovski\Application Data\inst.exe
2007-12-01 06:15 47,360 ----a-w C:\Documents and Settings\Nick Nikolovski\Application Data\pcouffin.sys
2007-09-05 09:57 143,616 ----a-w C:\Documents and Settings\Nick Nikolovski\Application Data\GDIPFONTCACHEV1.DAT
2007-08-28 12:23 1 ----a-w C:\Documents and Settings\Nick Nikolovski\SI.bin
2007-06-17 10:01 92,064 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmmdm.sys
2007-06-17 10:01 9,232 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmmdfl.sys
2007-06-17 10:01 79,328 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmserd.sys
2007-06-17 10:01 66,656 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmbus.sys
2007-06-17 10:01 6,208 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmcmnt.sys
2007-06-17 10:01 5,936 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmwhnt.sys
2007-06-17 10:01 4,048 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmcr.sys
2007-06-17 10:01 25,600 ----a-w C:\Documents and Settings\Nick Nikolovski\usbsermptxp.sys
2007-06-17 10:01 22,768 ----a-w C:\Documents and Settings\Nick Nikolovski\usbsermpt.sys
2005-06-25 00:56 104 --sha-r C:\WINDOWS\system32\6B8A4AA02B.sys
2006-06-18 12:18 661,958 --sha-w C:\WINDOWS\system32\rtutv.bak1
2006-06-20 05:10 667,343 --sha-w C:\WINDOWS\system32\rtutv.bak2
2006-06-20 06:10 665,498 --sha-w C:\WINDOWS\system32\rtutv.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24 86016]
"CAVRID"="C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [2006-07-10 18:06 185896]
"CaAvTray"="C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe" [2006-07-10 18:06 230952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 17:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.NTN1"= NUVision.ax
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk]
backup=C:\WINDOWS\pss\gwum.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^ATO.lnk]
backup=C:\WINDOWS\pss\ATO.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Registration .LNK]
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Ubisoft register.lnk]
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1074f54f]
C:\WINDOWS\system32\kvwxbaew.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ac42def2.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackHoleSurfer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1347c6d3]
C:\WINDOWS\system32\dnnosqwq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-11 00:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 15:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2003-03-31 22:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 15:31 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 02:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopoly3Setup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 14:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-03-24 20:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-06 11:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-07 05:41 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2006-01-23 15:42 196608 C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"PinnacleSys.MediaServer"=2 (0x2)
"WZCSVC"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"BM1347c6d3"=Rundll32.exe "C:\WINDOWS\system32\ooaswaol.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\Program Files\BitLord\BitLord.exe"= C:\Program Files\BitLord\BitLord.exe:192.168.1.13/255.255.255.255:Enabled:BitLord
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Gigabyte\\BIOS\\GWF32.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55000:TCP"= 55000:TCP:55000 TCP
"55000:UDP"= 55000:UDP:55000 UDP

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-10 13:03]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-07 01:11]
R0 SI3112;SiI-3112 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys [2003-09-04 14:45]
R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 23:21]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-11-13 00:46]
R2 GLOGODrv;GLOGODrv;C:\WINDOWS\system32\drivers\GLOGODrv.sys [2000-10-12 16:16]
R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-11 01:10]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2005-08-19 05:43]
R3 WMIBIOS;%WMIBIOS.ServiceName%;C:\WINDOWS\system32\Drivers\wmibios.sys [2002-10-15 21:33]
R3 WMIINFO;WMIINFO Driver;C:\WINDOWS\system32\Drivers\wmiinfo.sys [2002-05-13 20:16]
S1 StarPort;StarPort Storage Controller;C:\WINDOWS\system32\DRIVERS\StarPort.sys []
S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 12:34]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 12:34]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 12:34]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\NICKNI~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bd8cb43-cc3d-11d8-a028-806d6172696f}]
\Shell\AutoRun\command - welcome.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c24325b3-6515-11da-8b9b-000d61640744}]
\Shell\AutoRun\command - F:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 11:59:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-09-02 09:02:38 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 12:02:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust Vet Antivirus\iSafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-25 12:12:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 02:12:09

Pre-Run: 17,971,318,784 bytes free
Post-Run: 22,203,457,536 bytes free

276 --- E O F --- 2008-04-09 20:43:19


HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:25 PM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [PAC] Automatic Proxy Configuration
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119872620781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145427230828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.ho...ex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

--
End of file - 7192 bytes

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\ifynlvlc.ini
C:\WINDOWS\system32\jietuewf.ini
C:\WINDOWS\system32\mmdhvcph.ini
C:\WINDOWS\system32\fgtohwhp.ini
C:\WINDOWS\system32\jauuxbdk.ini
C:\WINDOWS\system32\weabxwvk.ini
C:\WINDOWS\BM1347c6d3.xml
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\kvwxbaew.dll
C:\WINDOWS\system32\dnnosqwq.dll
C:\WINDOWS\system32\ooaswaol.dll
F:\Autorun.exe

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1074f54f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ac42def2.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1347c6d3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopoly3Setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM1347c6d3"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bd8cb43-cc3d-11d8-a028-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c24325b3-6515-11da-8b9b-000d61640744}]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Reboot and post a new HijackThis log

#9
nicknikolovski

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix
ComboFix 08-04-20.5 - Nick Nikolovski 2008-04-26 10:55:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.628 [GMT 10:00]
Running from: C:\Documents and Settings\Nick Nikolovski\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nick Nikolovski\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM1347c6d3.xml
C:\WINDOWS\system32\dnnosqwq.dll
C:\WINDOWS\system32\fgtohwhp.ini
C:\WINDOWS\system32\ifynlvlc.ini
C:\WINDOWS\system32\jauuxbdk.ini
C:\WINDOWS\system32\jietuewf.ini
C:\WINDOWS\system32\kvwxbaew.dll
C:\WINDOWS\system32\mmdhvcph.ini
C:\WINDOWS\system32\ooaswaol.dll
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\weabxwvk.ini
F:\Autorun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nick Nikolovski\Application Data\inst.exe
C:\WINDOWS\BM1347c6d3.xml
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\fgtohwhp.ini
C:\WINDOWS\system32\ifynlvlc.ini
C:\WINDOWS\system32\jauuxbdk.ini
C:\WINDOWS\system32\jietuewf.ini
C:\WINDOWS\system32\mmdhvcph.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\weabxwvk.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-21 20:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-21 20:02 . 2008-04-25 12:25 <DIR> d-------- C:\Program Files\Hijack This
2008-04-16 23:25 . 2008-04-16 23:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-15 19:18 . 2008-04-17 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 20:29 . 2008-04-13 20:29 <DIR> d-------- C:\Program Files\VDMSound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 09:35 --------- d-----w C:\Program Files\LimeWire
2008-04-21 12:41 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3677.sys
2008-04-21 10:21 --------- d-----w C:\Program Files\Java
2008-04-17 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-29 01:21 --------- d-----w C:\Documents and Settings\Nick Nikolovski\Application Data\Vso
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 01:19 --------- d-----w C:\Documents and Settings\Nick Nikolovski\Application Data\ITEDO
2008-03-15 01:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-15 01:16 --------- d-----w C:\Program Files\ITEDO Software
2008-03-09 09:21 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-03-09 09:16 --------- d-----w C:\Program Files\LiveUpdate
2008-03-02 03:00 --------- d-----w C:\Program Files\Bonjour
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-01 06:15 47,360 ----a-w C:\Documents and Settings\Nick Nikolovski\Application Data\pcouffin.sys
2007-09-05 09:57 143,616 ----a-w C:\Documents and Settings\Nick Nikolovski\Application Data\GDIPFONTCACHEV1.DAT
2007-08-28 12:23 1 ----a-w C:\Documents and Settings\Nick Nikolovski\SI.bin
2007-06-17 10:01 92,064 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmmdm.sys
2007-06-17 10:01 9,232 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmmdfl.sys
2007-06-17 10:01 79,328 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmserd.sys
2007-06-17 10:01 66,656 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmbus.sys
2007-06-17 10:01 6,208 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmcmnt.sys
2007-06-17 10:01 5,936 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmwhnt.sys
2007-06-17 10:01 4,048 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmcr.sys
2007-06-17 10:01 25,600 ----a-w C:\Documents and Settings\Nick Nikolovski\usbsermptxp.sys
2007-06-17 10:01 22,768 ----a-w C:\Documents and Settings\Nick Nikolovski\usbsermpt.sys
2005-06-25 00:56 104 --sha-r C:\WINDOWS\system32\6B8A4AA02B.sys
.

((((((((((((((((((((((((((((( [email protected]_12.11.36.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 02:01:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 00:06:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-25 01:43:18 61,052 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-26 00:52:38 61,052 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-25 01:43:18 399,522 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-26 00:52:38 399,522 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 15:42 401491]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24 86016]
"CAVRID"="C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [2006-07-10 18:06 185896]
"CaAvTray"="C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe" [2006-07-10 18:06 230952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 17:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.NTN1"= NUVision.ax
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk]
backup=C:\WINDOWS\pss\gwum.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^ATO.lnk]
backup=C:\WINDOWS\pss\ATO.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Registration .LNK]
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Ubisoft register.lnk]
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackHoleSurfer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-11 00:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 15:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2003-03-31 22:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 15:31 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 02:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 14:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-03-24 20:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-06 11:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-07 05:41 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2006-01-23 15:42 196608 C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"PinnacleSys.MediaServer"=2 (0x2)
"WZCSVC"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\Program Files\BitLord\BitLord.exe"= C:\Program Files\BitLord\BitLord.exe:192.168.1.13/255.255.255.255:Enabled:BitLord
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Gigabyte\\BIOS\\GWF32.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55000:TCP"= 55000:TCP:55000 TCP
"55000:UDP"= 55000:UDP:55000 UDP

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-10 13:03]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-07 01:11]
R0 SI3112;SiI-3112 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys [2003-09-04 14:45]
R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 23:21]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-11-13 00:46]
R2 GLOGODrv;GLOGODrv;C:\WINDOWS\system32\drivers\GLOGODrv.sys [2000-10-12 16:16]
R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-11 01:10]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2005-08-19 05:43]
R3 WMIBIOS;%WMIBIOS.ServiceName%;C:\WINDOWS\system32\Drivers\wmibios.sys [2002-10-15 21:33]
R3 WMIINFO;WMIINFO Driver;C:\WINDOWS\system32\Drivers\wmiinfo.sys [2002-05-13 20:16]
S1 StarPort;StarPort Storage Controller;C:\WINDOWS\system32\DRIVERS\StarPort.sys []
S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 12:34]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 12:34]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 12:34]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\NICKNI~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 11:59:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-09-02 09:02:38 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 11:00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 11:05:36
ComboFix-quarantined-files.txt 2008-04-26 01:04:42
ComboFix2.txt 2008-04-25 02:12:32

Pre-Run: 50,437,156,864 bytes free
Post-Run: 50,424,565,760 bytes free

257 --- E O F --- 2008-04-09 20:43:19

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:23 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tpg.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [PAC] Automatic Proxy Configuration
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119872620781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145427230828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.ho...ex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

--
End of file - 7340 bytes
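One way to check a ComboFix run against the script that drove it, as an added example that is not part of the original thread or of ComboFix itself: it parses the CFScript directives from post #8 and the banner-delimited sections of the log in post #9, then reports which File:: targets appear under "Other Deletions". The function names are illustrative, and the code assumes that "Other Deletions" lists every file the run removed.

```python
import re

# Excerpts copied from the thread: the CFScript in post #8 (one Registry::
# entry kept) and the "Other Deletions" block of the ComboFix log in post #9.
# The banner rows are shortened here; the parser accepts any length.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\ifynlvlc.ini
C:\WINDOWS\system32\jietuewf.ini
C:\WINDOWS\system32\mmdhvcph.ini
C:\WINDOWS\system32\fgtohwhp.ini
C:\WINDOWS\system32\jauuxbdk.ini
C:\WINDOWS\system32\weabxwvk.ini
C:\WINDOWS\BM1347c6d3.xml
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\kvwxbaew.dll
C:\WINDOWS\system32\dnnosqwq.dll
C:\WINDOWS\system32\ooaswaol.dll
F:\Autorun.exe

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1347c6d3]

Driver::
"""

COMBOFIX_LOG = r"""((((((((( Other Deletions )))))))))
.

C:\Documents and Settings\Nick Nikolovski\Application Data\inst.exe
C:\WINDOWS\BM1347c6d3.xml
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\fgtohwhp.ini
C:\WINDOWS\system32\ifynlvlc.ini
C:\WINDOWS\system32\jauuxbdk.ini
C:\WINDOWS\system32\jietuewf.ini
C:\WINDOWS\system32\mmdhvcph.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\weabxwvk.ini

.
((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))
.
2008-04-21 20:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
"""

DIRECTIVE = re.compile(r"([A-Za-z]+)::")
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {directive: [entries]} for the 'Name::' blocks of a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIRECTIVE.fullmatch(line)
        if match:
            current = match.group(1).lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log into {banner title: [lines]}, dropping '.' filler."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def reconcile(script_text, log_text):
    """Compare requested File:: targets with what the log reports as deleted."""
    requested = parse_cfscript(script_text).get("file", [])
    deleted = parse_log_sections(log_text).get("Other Deletions", [])
    # Windows paths are case-insensitive, so compare on lower-cased keys.
    requested_keys = {p.lower() for p in requested}
    deleted_keys = {p.lower() for p in deleted}
    return {
        "removed": [p for p in requested if p.lower() in deleted_keys],
        "not_reported": [p for p in requested if p.lower() not in deleted_keys],
        "extra": [p for p in deleted if p.lower() not in requested_keys],
    }


if __name__ == "__main__":
    for bucket, paths in reconcile(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{bucket} ({len(paths)})")
        for path in paths:
            print("   ", path)
```

A target in `not_reported` is only absent from the deletion list; whether it is still on disk has to be confirmed by a follow-up scan.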

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Driver::
DMSKSSRh


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.





Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also tell me how your PC is running.

#11
nicknikolovski

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix log
ComboFix 08-04-20.5 - Nick Nikolovski 2008-04-26 20:56:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637 [GMT 10:00]
Running from: C:\Documents and Settings\Nick Nikolovski\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nick Nikolovski\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-21 20:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-21 20:02 . 2008-04-26 11:18 <DIR> d-------- C:\Program Files\Hijack This
2008-04-16 23:25 . 2008-04-16 23:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-15 19:18 . 2008-04-17 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 20:29 . 2008-04-13 20:29 <DIR> d-------- C:\Program Files\VDMSound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 09:35 --------- d-----w C:\Program Files\LimeWire
2008-04-21 12:41 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3677.sys
2008-04-21 10:21 --------- d-----w C:\Program Files\Java
2008-04-17 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-29 01:21 --------- d-----w C:\Documents and Settings\Nick Nikolovski\Application Data\Vso
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 01:19 --------- d-----w C:\Documents and Settings\Nick Nikolovski\Application Data\ITEDO
2008-03-15 01:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-15 01:16 --------- d-----w C:\Program Files\ITEDO Software
2008-03-09 09:21 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-03-09 09:16 --------- d-----w C:\Program Files\LiveUpdate
2008-03-02 03:00 --------- d-----w C:\Program Files\Bonjour
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-01 06:15 47,360 ----a-w C:\Documents and Settings\Nick Nikolovski\Application Data\pcouffin.sys
2007-09-05 09:57 143,616 ----a-w C:\Documents and Settings\Nick Nikolovski\Application Data\GDIPFONTCACHEV1.DAT
2007-08-28 12:23 1 ----a-w C:\Documents and Settings\Nick Nikolovski\SI.bin
2007-06-17 10:01 92,064 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmmdm.sys
2007-06-17 10:01 9,232 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmmdfl.sys
2007-06-17 10:01 79,328 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmserd.sys
2007-06-17 10:01 66,656 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmbus.sys
2007-06-17 10:01 6,208 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmcmnt.sys
2007-06-17 10:01 5,936 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmwhnt.sys
2007-06-17 10:01 4,048 ----a-w C:\Documents and Settings\Nick Nikolovski\mqdmcr.sys
2007-06-17 10:01 25,600 ----a-w C:\Documents and Settings\Nick Nikolovski\usbsermptxp.sys
2007-06-17 10:01 22,768 ----a-w C:\Documents and Settings\Nick Nikolovski\usbsermpt.sys
2005-06-25 00:56 104 --sha-r C:\WINDOWS\system32\6B8A4AA02B.sys
.

((((((((((((((((((((((((((((( [email protected]_12.11.36.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 02:01:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 10:50:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-25 01:43:18 61,052 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-26 10:55:02 61,052 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-25 01:43:18 399,522 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-26 10:55:02 399,522 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 15:42 401491]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24 86016]
"CAVRID"="C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [2006-07-10 18:06 185896]
"CaAvTray"="C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe" [2006-07-10 18:06 230952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 17:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.NTN1"= NUVision.ax
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk]
backup=C:\WINDOWS\pss\gwum.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^ATO.lnk]
backup=C:\WINDOWS\pss\ATO.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Registration .LNK]
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Nikolovski^Start Menu^Programs^Startup^Ubisoft register.lnk]
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackHoleSurfer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-11 00:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 15:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2003-03-31 22:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 15:31 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 02:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 14:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-03-24 20:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-06 11:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-07 05:41 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2006-01-23 15:42 196608 C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"PinnacleSys.MediaServer"=2 (0x2)
"WZCSVC"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\Program Files\BitLord\BitLord.exe"= C:\Program Files\BitLord\BitLord.exe:192.168.1.13/255.255.255.255:Enabled:BitLord
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Gigabyte\\BIOS\\GWF32.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55000:TCP"= 55000:TCP:55000 TCP
"55000:UDP"= 55000:UDP:55000 UDP

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2003-06-10 13:03]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-07 01:11]
R0 SI3112;SiI-3112 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys [2003-09-04 14:45]
R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 23:21]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-11-13 00:46]
R2 GLOGODrv;GLOGODrv;C:\WINDOWS\system32\drivers\GLOGODrv.sys [2000-10-12 16:16]
R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-11 01:10]
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\system32\drivers\bender.sys [2005-08-19 05:43]
R3 WMIBIOS;%WMIBIOS.ServiceName%;C:\WINDOWS\system32\Drivers\wmibios.sys [2002-10-15 21:33]
R3 WMIINFO;WMIINFO Driver;C:\WINDOWS\system32\Drivers\wmiinfo.sys [2002-05-13 20:16]
S1 StarPort;StarPort Storage Controller;C:\WINDOWS\system32\DRIVERS\StarPort.sys []
S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 12:34]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 12:34]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 12:34]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\NICKNI~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 11:59:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-09-02 09:02:38 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 21:00:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 21:05:48
ComboFix-quarantined-files.txt 2008-04-26 11:04:53
ComboFix2.txt 2008-04-26 01:05:37
ComboFix3.txt 2008-04-25 02:12:32

Pre-Run: 50,451,746,816 bytes free
Post-Run: 50,438,320,128 bytes free

227 --- E O F --- 2008-04-09 20:43:19

Kaspersky log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 26, 2008 11:03:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726288
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 130380
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:33:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\758c2f01a5f7325dc5aa8324c40352dd_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\75d8cba5c7c1470de01a1f0ccf8f05d8_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7608a569cf3da1cb1f1f0ca1da2dda37_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\763aea81b95855ab693b3a6743246c50_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77e57c6f3bd67b3086b3ad45a7655f57_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a988b5eab81af83955594e200b8a3cc_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ab4dcbbab02c27bb8e371472cf91e5d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b710e0f6a6c86cf91557e3e54169452_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d553fb00616f45611930467b2362d4d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e8ec4d0bf40e7adae6e0b64c9d97ad0_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7efb3d24afda59189f984ed45d95e9fa_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f8495324af4c2ada3deb786033b5ed6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f8f1da1b8d104db7aeefe7b8be0fed3_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\802c75abd11b85c341a81e6534e01595_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80776a64ef87fd4f2cb26766bea81648_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8087afa32b9a01febb03beb70e334537_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8289fc455ef1a8d7624ad77cc99ac62d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\833d70cb0edfc070bc9bb2e3c2ee8929_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84602471e2a63b334cd89cddd4b27f34_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84c2b7cda63a648e01a283e412c95ff4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\859f2381da30ea7af70c23f7c4138390_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\866f1c3b978a95169ab6aeab7418103a_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87ad04c0b02ed4c00820b1b67a18cca2_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c1ce9364c8a61a067a8930ff07534e4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e9e52ce5f276ee806bba2bd16b54853_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8f7bc6e7f602a3aef310796fb33ac937_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\906b6834a93a3ef691276d402c58091e_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9229492cb3b595772f616c61233561da_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\967e74dc01b95803efac33f12754af02_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96f676b6277d94ec7918b97a053873bf_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9977ab4066a87c1247752f3e2dd4c9a1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a6dfea301ed3bce821b2504ce0c4bfe_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9bf514e148828e3ff798f125dd6f8bc4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d5fbff6b2fb7fa3494b9aa0ca7e300e_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9eceb3396b4a68eee3b9cb5ab16099ef_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a01b4d38a021e9fa77e08f6094276206_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a053eb8442e297573a5f0c11c6205801_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a097567b72b7e5b0f986977bb32855de_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4f4a151db268e16aacfdb7e18561533_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a557303b4c6af7e914b5ea3c2a2acdb6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a73558f74e702c357e1ba0b4c29185dd_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a867fe573db4a92cf3a9f907ba238315_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a97288bb9ac3dc2d1985aa1e70ed3a8d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a99901aa5b585b6120dc5c96cac1781c_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa718e6bcd187d926a3833335b60f6e6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa94053c5c3571411b2836c3229751af_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aaeaf6123b679ea86e378769402d1907_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acbfe186b1f7b5c73d99e38ebd78a350_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae66f78973cb38796cdd021363e85773_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae982504570d2800c998fd6a180cc824_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af2e6f6a3dd7e53371ea555c23add6d9_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af57e734ab974d8b9c44b67cd8746323_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b005cea3178432942a8d4291d7ebd4a7_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b215a65e47ed76dc3a13af881a05db00_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b527fa5b2f65765a18739f1d68bfcbc8_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531895c005852ade553f087483d3483_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b63dfe19e6404f5d85623bc21da7c939_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6da5d718dbcd63ab5ee89c6d7311112_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7e350eb9b8be66511181d1dace8e506_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b92ed43cbd870ed276fef7e717f0230a_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb219694b2211c80f49e997c61ec2516_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd10376a336f0ce60c60f09265029de3_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be188fed2737cf6c6a422d82229a5d7c_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be75b15bc3134f8d8cbafa920aeed3c4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf3d9eab8cd175772c539c89b2a93714_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf513842c6413593f16eb8e871fb03ab_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf74273718a2ed37736f44c0ee006aa1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c128b1deaa3b54ced666928d6606d1c2_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c41e1fc46eee56b9141fd1bd937f8a9f_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c43a45a45cfc7744b492dd2e61dc1578_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4549fea08d9c31669da8db94104d722_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4ed25aced96b18ca929bc7eb4845250_0630f47b-106c-4156-a3a5-d0af
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the Kaspersky report again? Some of it is missing.
  • 0

#13
nicknikolovski

    Member

  • Topic Starter
  • 11 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 26, 2008 11:03:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726288
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 130380
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:33:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f0775234fe3af0189d863a01e9deed4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f3736365e72b3f086bd34edac89bf7d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\609964bedd1cb2c8d8527c137497080f_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\62fbe1693fbec6955819bdcdde02ecf7_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\637c2cceb817c1fbe8c691f4c7bbfd64_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\672685f6ef6499e08120cbc00ac4c7d3_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67602d6e2d4710c04f9e1cc4c5bac0cb_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67d0d67009837c39be6985b1b95a015e_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67d81002ff853791841d519f5397c455_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\684cee05d2a974518b2cc1b0eeecdf43_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\698fda699c78ca362433964023b3c1f1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\699abdaac83cdfa9536366677cba12ba_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a5e3ddfab4ed68b26e107303e680db9_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c680223abd6087dc17b4cfe5af48dcc_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c71a238f2d5c5dfbf123d782bd18585_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c7b8f81c210472d54542c1a22220aa6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ed1120d28e8a25465123c3cf8e3d880_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70222ad83dd9648a7ad81ae68f28a454_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7222a1d742755c64bac1f31d5912d474_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7374a7646b6f83418ffa65dec2d7155f_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\737fe36108d55291364f867d2009b74d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7508ebbe5c4041b05abf81cf5202bfb5_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\758c2f01a5f7325dc5aa8324c40352dd_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\75d8cba5c7c1470de01a1f0ccf8f05d8_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7608a569cf3da1cb1f1f0ca1da2dda37_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\763aea81b95855ab693b3a6743246c50_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77e57c6f3bd67b3086b3ad45a7655f57_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a988b5eab81af83955594e200b8a3cc_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ab4dcbbab02c27bb8e371472cf91e5d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b710e0f6a6c86cf91557e3e54169452_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d553fb00616f45611930467b2362d4d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e8ec4d0bf40e7adae6e0b64c9d97ad0_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7efb3d24afda59189f984ed45d95e9fa_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f8495324af4c2ada3deb786033b5ed6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f8f1da1b8d104db7aeefe7b8be0fed3_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\802c75abd11b85c341a81e6534e01595_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80776a64ef87fd4f2cb26766bea81648_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8087afa32b9a01febb03beb70e334537_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8289fc455ef1a8d7624ad77cc99ac62d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\833d70cb0edfc070bc9bb2e3c2ee8929_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84602471e2a63b334cd89cddd4b27f34_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84c2b7cda63a648e01a283e412c95ff4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\859f2381da30ea7af70c23f7c4138390_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\866f1c3b978a95169ab6aeab7418103a_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87ad04c0b02ed4c00820b1b67a18cca2_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c1ce9364c8a61a067a8930ff07534e4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e9e52ce5f276ee806bba2bd16b54853_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8f7bc6e7f602a3aef310796fb33ac937_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\906b6834a93a3ef691276d402c58091e_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9229492cb3b595772f616c61233561da_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\967e74dc01b95803efac33f12754af02_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96f676b6277d94ec7918b97a053873bf_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9977ab4066a87c1247752f3e2dd4c9a1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a6dfea301ed3bce821b2504ce0c4bfe_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9bf514e148828e3ff798f125dd6f8bc4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d5fbff6b2fb7fa3494b9aa0ca7e300e_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9eceb3396b4a68eee3b9cb5ab16099ef_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a01b4d38a021e9fa77e08f6094276206_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a053eb8442e297573a5f0c11c6205801_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a097567b72b7e5b0f986977bb32855de_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4f4a151db268e16aacfdb7e18561533_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a557303b4c6af7e914b5ea3c2a2acdb6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a73558f74e702c357e1ba0b4c29185dd_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a867fe573db4a92cf3a9f907ba238315_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a97288bb9ac3dc2d1985aa1e70ed3a8d_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a99901aa5b585b6120dc5c96cac1781c_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa718e6bcd187d926a3833335b60f6e6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa94053c5c3571411b2836c3229751af_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aaeaf6123b679ea86e378769402d1907_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\acbfe186b1f7b5c73d99e38ebd78a350_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae66f78973cb38796cdd021363e85773_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae982504570d2800c998fd6a180cc824_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af2e6f6a3dd7e53371ea555c23add6d9_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af57e734ab974d8b9c44b67cd8746323_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b005cea3178432942a8d4291d7ebd4a7_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b215a65e47ed76dc3a13af881a05db00_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b527fa5b2f65765a18739f1d68bfcbc8_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531895c005852ade553f087483d3483_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b63dfe19e6404f5d85623bc21da7c939_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6da5d718dbcd63ab5ee89c6d7311112_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7e350eb9b8be66511181d1dace8e506_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b92ed43cbd870ed276fef7e717f0230a_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb219694b2211c80f49e997c61ec2516_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd10376a336f0ce60c60f09265029de3_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be188fed2737cf6c6a422d82229a5d7c_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be75b15bc3134f8d8cbafa920aeed3c4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf3d9eab8cd175772c539c89b2a93714_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf513842c6413593f16eb8e871fb03ab_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf74273718a2ed37736f44c0ee006aa1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c128b1deaa3b54ced666928d6606d1c2_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c41e1fc46eee56b9141fd1bd937f8a9f_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c43a45a45cfc7744b492dd2e61dc1578_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4549fea08d9c31669da8db94104d722_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4ed25aced96b18ca929bc7eb4845250_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7ddd0950750f3d68faac6f1aa0d49e4_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca165521136c62c625cca1bcfe0c6851_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb7b4241ae4d9a97fb6d89864e747caa_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cdb4f07a1d1ae4a21c2b0c40ad21b0fd_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cddd36dbfd9ddc26533f963bf7acceb6_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce4e2c50afdfeb66169a61f87a99bc8c_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d039aa44b2ab3228e8eaa8be38201f4b_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d369e84544d8217b069d2bc3508c7923_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4593516c3781cbd1c35cd42f7ed779a_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4a69b0a0de42528a162ecf40d1548df_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d84562f894c02571eecdfcfa39bccd3c_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dae77380c994773e36d8a9860bfe5a55_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db01cc9f5af8f93e99cfcdc494748299_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd15fbad8c976818bf7c7520d66c9aca_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd5fc2aa07b3f272d153b9074c979e15_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\de35691ad1ab0438e1d400aaf53a7880_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df2cd1c88e4e0a122609888851601467_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0d3124cef35aa005657d611b5bc72e1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e17114cbefe3c86d14485bddf167ff19_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3a3b636f4a10fe61aa9e56f51879eba_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4c8b3fb76cb82eb19d23ff8feca59e3_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e55211badcb74a53d021b50cc29f5d30_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5ae4891a61ee4e7aac99baf1a3b7d12_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e660afac70319ccac7dd5311cfc77211_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7bfca50abe4217408feba44fd892f6c_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9a9c9aa11250de851657fd21e5617db_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea40b5f4c6d1e235811a24d37e2c6587_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea612853c3a8772db880d639ab6492d2_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec726a76f6428b3b58798119f623ba46_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edff5ca291861814f8447d11028c497a_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee351805ddb7c3a9d6d2de5e5e27bae9_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f415a81d5224aa042985e851cca626d1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5d051dc259d5e2e29a3baf2a3ec609a_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f677bf650c641dcd3b832d9dcea562bf_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f684deb72d461b91b7ca5d939c4fe201_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f693e854d42a24c9d79413a209a71939_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6b9361f18082eeac087e8c2fd33f130_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6e24bc5b617dc090fda540af1ed47d8_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f82df7000aa43a756a596eb15bbbe2ff_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8bd7f8dba3f3b7ebb3527b66b1360d1_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa2396ac20f882fca0e5a87281c5efb2_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd171af9495ee0d4362e1edd427668f7_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe8f4adbfe73a6a92700dad4657c6dcf_0630f47b-106c-4156-a3a5-d0af199f7d55 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\Local Settings\Temp\~DF8EF2.tmp Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\Local Settings\Temp\~DF8F08.tmp Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nick Nikolovski\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ieehgdwg.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kdknjhjr.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lafdktyi.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan.Win32.Agent.cyt skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BD719AD5-150C-46A2-A8BC-D96B2763EE92}\RP2\A0000085.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{BD719AD5-150C-46A2-A8BC-D96B2763EE92}\RP2\A0000086.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{BD719AD5-150C-46A2-A8BC-D96B2763EE92}\RP2\A0000087.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{BD719AD5-150C-46A2-A8BC-D96B2763EE92}\RP3\A0000217.exe Infected: Trojan.Win32.Agent.cyt skipped
C:\System Volume Information\_restore{BD719AD5-150C-46A2-A8BC-D96B2763EE92}\RP4\change.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING8.exe Infected: Trojan-Downloader.Win32.Adload.a skipped

Scan process completed.

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\Downloaded Program Files\installer_MARKETING8.exe
    purity 
    [start explorer]
  • Return to OTMoveIt2, right-click in the "Paste List of Files/Folders to Move" window (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Then tell me how your PC is running.
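Why the fix list above names only one file, shown as an added example that is not part of the original thread or of any tool mentioned in it: a triage of the scan-log format posted earlier that separates live detections from copies inside System Restore points and from files the scanner could not open. The bucket names and the treatment of `_restore{...}` paths as restore-point copies are assumptions of this example.

```python
import re

# Lines copied from the scan log posted in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{BD719AD5-150C-46A2-A8BC-D96B2763EE92}\RP3\A0000217.exe Infected: Trojan.Win32.Agent.cyt skipped
C:\System Volume Information\_restore{BD719AD5-150C-46A2-A8BC-D96B2763EE92}\RP4\change.log Object is locked skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING8.exe Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
"""

# "<path> Infected: <threat> <action>" or "<path> Object is locked <action>".
# Paths contain spaces, so the path group is non-greedy up to the status text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<threat>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\w+)$"
)
# Assumption of this example: anything under _restore{GUID} is a restore-point copy.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def triage(log_text):
    """Sort scan-log lines into live detections, restore-point copies and locked files."""
    result = {"live": [], "restore_point": [], "locked": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            result["unparsed"].append(line)       # e.g. "Scan process completed."
        elif m["locked"]:
            result["locked"].append(m["path"])    # file in use, not a detection
        elif RESTORE_RE.search(m["path"]):
            result["restore_point"].append((m["path"], m["threat"]))
        else:
            result["live"].append((m["path"], m["threat"]))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, threat in report["live"]:
        print(f"LIVE     {threat:36} {path}")
    for path, threat in report["restore_point"]:
        print(f"RESTORE  {threat:36} {path}")
    print(f"{len(report['locked'])} locked files, {len(report['unparsed'])} unparsed lines")
```

On the sample lines the only live detection is `installer_MARKETING8.exe`; the `A0000217.exe` hit sits inside a System Restore point, and the "Object is locked" entries are files the operating system holds open, not detections.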

#15
nicknikolovski
  • Topic Starter
  • Member
  • 11 posts
Explorer killed successfully
C:\WINDOWS\Downloaded Program Files\installer_MARKETING8.exe moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04272008_113117

My PC is running normally - no pop-ups, no virus alerts, no Internet Explorer setting changes. It is running at optimum speed.