Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

imapi.exe being a butt [RESOLVED]

Started by Hamze , Jun 01 2008 09:15 AM

  • This topic is locked This topic is locked

#16
Hamze
Posted 07 June 2008 - 02:43 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
The Kaspersky Online Scanner is still scanning. And, your links for both Filefind and ATF cleaner don't work. Where else should I download them?

Everything's a lot better(explorer.exe has not restarted/crashed once).

The scan finished, finally.

Edited by Hamze, 07 June 2008 - 02:47 PM.

  • 0

Advertisements

#17
Hamze
Posted 07 June 2008 - 02:47 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, June 07, 2008 4:47:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/06/2008
Kaspersky Anti-Virus database records: 837687
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 138685
Number of viruses found: 41
Number of infected objects: 156
Number of suspicious objects: 2
Duration of the scan process: 01:44:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\0931926e277d480c2cc5252a1397ed2e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\65ed3ad389ac2a6bef995dada8576976_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\73377cc7ee60d6e11d30eb2a76add1de_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\01290153728c384410f833c4148c5add_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\019d5cd53978282c48f6f87054c8eedb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\023e1fd19c8921bc3f7c2e25c3646d77_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02596fde296f72bae60988650e493663_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0454f9605a05aa263c18cd75cd8efe4f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0629ec6ed52829631e1b2d3c99e2be80_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\06b1985f2a1332aeb223816ab4eee409_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07122b2b903425a704a5a54ff6a1bc73_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\077a1ecde5cebcfbfe95333804666247_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07fc2f2b676d941868200c8cf967dc6b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09a2a42345803d73a9cdae42da12c805_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a66576e4c7c28af0a3659b02345e07a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0bb166c01e598875441caa943e80c2e4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0be1413c99120126e95e435c660b0458_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0dac32592a403675b2c3b4167624cc01_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ea8dc8513ee33a7defa7c13564a29a2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ed9da874720d88becf870a2ae10be54_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\100ecad4a83614d3191734acc9461572_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\115b12289963ca14b1ffdf7594fe1669_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\115b8af0a2a31b5e5c63191c6753c162_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12b7dc35c748db90b9a068c06699603d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12c6251ee0dbfac57999cb302ecbd70c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13fa21716fe0f3cf8fd983476d070096_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\140c849ad016647b81b07c78cae6c302_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1434019528668ceccbd8924ad331ce02_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1646e31f6f69e5ec412d9cd87f975f2e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16883fcb357a0e2b3e36764bdb491e75_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16df4e617264e2f9c9c3a92ce8f6d794_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1731503f0c1bd7c349210959695143de_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\175ef0b7307553d314ba37dbbf8625fa_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18eba102303fbdcf249dec78ffa9380d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18f36875097623c2505b86602a7da135_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\190e26311237095e87550031bda0921f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19a224dea4d6753fc02b15ecd3ef0dee_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a4625192ec1e6fc9f03294f28ed0dcd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ab28e5117da0c1f638b95ef56d089c2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c1c131febebe9b294beba1e61e23c39_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1cc9d9002398b9b3a1d33cb6ea5a983f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e67c5c8f27edc0e7ed87fd34de55b41_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2011483c7f0be22945dd615960621f76_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20220cbf2802160727b1efa99732661d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\205349fce1d79c15003d00173e8177a8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2167cb2adeb95cc4874d20d9cc80d1ca_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21d3e7505e7c34734c1f07d6be6bb335_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22113b58eacdfee9c99af5b130361483_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22271a26e76c83d30036e4887f50017a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22e17a4d11ec2f76caa41e36cf417674_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2543a0ad2f022146ed50d544144e0458_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\25ccdbe22b162cce392508fd45c64ec8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26b06b701c30c27084cedd8cccf16623_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26bfbf315d5f762383583ac8f92121a3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2717f8e0c965500f46a303797f9a7fe7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2776155194a17183389ab44aa41cf600_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27bee9ce198eb456f72d7372b6fed28e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27f2dc9a691c24f42e8075b71b6e96c5_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\290842a9934e54edf5e51bb7da8c2121_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\298412e60b96b6e771d400890f8c0fde_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2abce06dab3045953430c765ce3a1a9b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2af6d0d84902ea8ea38beeaead6c1918_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c8c429220c7f6c0fa9799bacbad84f5_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d0adb00a1f2a4e2400052ac7187924d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d2dacd4c7647a56994e4f7b0a79d2cd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e24e8f5d39095be74c522219925d2d7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e2a8e3bdcb9df51c269ab20e59b65ce_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e4d6870b9a69e4f1faca437991a343c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2fb74b71a4ae1fdce055eccf75663842_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3122e05a5613b00b574dece8796ff1c4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3256a3521509255ef0267963c4253847_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\325aab19b7a71799a77a40e654a903c5_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33000e1b04516799cc780202de51da4c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3323c65243d49aa8125007645df8e3ed_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\369eeab42d9f6b742512f9edd98437f7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37be217f0ad41ba49099c3602b9fccfd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\386416880ae217c52408dc31a7864adc_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a06f9ec61e94ed95dfff1671ec364fc_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b4c1d6e0160b5c897a3599b92dff2cf_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c1caf4a631f676fa7c529ec6cdd83d6_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c22cc2836548c307713456e7d46bca6_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e006429e17ea879bb2f1a41866f1b6f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fc41bb7f61669c21c7293401328f5f5_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\402c71fb3d9ba767bfc174d1425c7b03_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41366f8611fec0d929155a854de47f74_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\419a81899378be7eba6369236de03a1c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\419cd2017d1d45c98e4fdcc78e46fa68_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41b81a3d1eeb52dadb622517b919ced6_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41f8e8463a2bf6eaf4e45a1092667897_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\420c59bfcb27fbb3f0adab7dacd3dc9a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4358d2e4e29db5ead32f500b402a673c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43b83d0b56afb433db02bb394834ebfd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\449f1c9100748d6454f8fc9be6ea3437_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\452b362a56674aa87a0f52a98bb9d3ab_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\454cc405a717459f1add715b29575771_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46d22231b073b80d75c188c237f1bb7e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4729e4eb2be48cfdb7cc624c7a6fe76e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47690096c773e0c7878811e76f9cb337_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48a8feeea2aa2b9186eacdf0cb245a60_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a07e1ffd81db8778a448f5fa633d3ef_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a94dc3fd8b6e7b5b7fc1b633ef82171_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4bee5fb157a20dbb7b91346c1efd2fe6_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d13b602fc425b147ba1ae8e56bde7a3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d4d83d82406408b2872145cfa9cdee0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d6098abc53a0f48ce032bb50b3e8ab9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e0c9298629f2414843b51233015c121_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e6d02730bca0710049ba2b80881a6c2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f36ffb6e52cb7459a98cda29ff0e97e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f43cd0fe27b1304d3d47ccada401ae0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4fb4105a7168d910f624906ff872e8c2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50ae45754ff870541bdb5e15a8e5b43b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5110378bc4ee2056d686cec0712fd852_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52a6a2fda70b1d4c0831cf8cb11dec07_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52c6b6553db63245003c71b40a4ea008_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52f3f153fa567fc0c0880ca2debb5798_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\531177f968f000b99b02e3a916c52d2b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\54c0ba87f10ae24c3bfdef646200b10d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\554134c6ceaf4a5a47609beeb6b8b294_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\556582e32a73797109e0b0441cf54eb3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55cb910b78219278e22bde7ad63e55eb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5657a4b336f6e99f9021ca4f72dbc092_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f87e966f816dcc7957aeda47d9f991_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56fc1036197ebad008dc906d0a170400_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\575c3474200a9806919a499f85f1f22f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58ed31f7209a442b54cd720c5e29a536_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\58ef9d891bd526fc20f927e378aa8766_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\59492a277ce4824745a608e102788370_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a89bc73b6ac0f9294bbce1582b1ac7e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5af4c892714b49e731d461d55a4f5a20_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c4188d64246f7b1b6dd71a65580acf1_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5eba324de1f03d57224fbb5bc9dfd5a1_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60f2eba885a38c3b68102ad5ce7fc3a2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\61095c671be0f4ad1bc5cf1fdae2318d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6392c4c765b5059a94fd11ed464cab53_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\63b9ee6e4dd9f5dad7e5c1d5cbf632f7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\64ff3b5b293e31db84d54b50317e2f35_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6569f5f9acc0e2deeb58260bb423daa3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\671562061bc1ea32649d3269d0614305_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68e35f87c333534fbbb9bb07f1884567_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\694a7ed16fb2adf779b4d32c5f1c03c9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\69e681ae68eabd229651e9c3f538ca21_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a54e1654caf121a4cc47a28caab4ee8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6bb4eded9f0479fd2e72a04c9b5c67a6_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c0947e3ed5010effb1941fdef10dfb9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c593f536f1dd9cb2962dc2b4a1e8850_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c6fbcb01f94e653c652e087e5b2a232_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d4605e638696cf5bc89dbc16dc746c8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e32ad79c56a91a08a776514bb39334d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e85b1800e82c38372003d3a673f97ed_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6fbff45cefaac5287196102474e09a73_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\701c672f7a68c678b1fde471695a298b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\706c5d7349a76f4a93ccd09f22651033_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\712b2022780330643a43db0d640e5ca3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\714614e5e178c88e399155795b89b088_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72a739713da1419f89bf91bda9f25bab_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72e178228d1b1fd5ebaef33b3ae4e4f0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\783a7b5dcfeb1b97bcd0e63c4af0fcf2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\788e325395a6f7038852262ee2662cdf_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7916a4ee5b071e40c37d8dd045d4eb26_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79b24ea7dd9d4c8bbe01647cae0df8f5_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79eff9f58d24354f7a8cdc1cc92ad643_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a492b9eb09e6943bfa681d57d16481b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7bef7236ec92a093f5731ec8a0f9e28d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c3435cdd604e31f33b27048901148bc_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c4b3959efcf2ec520fd9d47a1d661da_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d3b7c0f45cf27a9de3f2dc27c388b6c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d78f60df08fc3fdd092511feff82886_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ded5bb2c087af8f22fb44ee43efff99_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e40cdb220d7d2258c30b0a3d4e05bf7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e4bda1eec6392f088ec5238e47c8aca_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e824db6bd121749a6062fed7a878b9c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7eb994f3be659994c99ff5c0ff1b0dda_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ec088105aa55ad37758267320d2d291_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ff36cd92a8203923d8bd729d5a47991_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80cbe2d7505f9d4039ef9abae697ec52_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81397cf936fc75ab31f9bd1d7d32e537_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81b369bc02cce119f7a5c4b0daa8bd71_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82128142374ae44967cd787af400ba8d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8269170871da4aff203243cfcc87456a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\827155f198a0f89dbc161e49b2121622_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84a0d726a47eaf4caef7e247c96a1bb7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84ce50ae6acd5ea2b32c2fdd7b1d2edd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\865371b94fa55d7015da9ba0b682d433_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86b382d9afc6ecf9176cd45cf05ed0fd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86fa7aa58be6817e304c8574c34fa0c4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\877fef9352b4713113e80ca3a948dc8a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\880269645010c3a66968a7fff730781d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\893ad49941eabd59c9edf9753389b1d7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89ca24f87d64e624ebf15b9dd9f91f48_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a00f6419f1c143e087b22a669a81f45_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a84aa374f50fb7d09b8f92684b5cbaf_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d02ccf7429b7cff671b60a6a2cfb218_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d891ec7b694612ff596fa863f755c48_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d8a49ddf1d0e097336be7bb94bf3057_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8dc4660474a95506b0f826377458141e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e62fe6f766761ace67280696a263c6e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e9d0a4321b390032ea1e499dd9ff30b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e9ded2d058682b0242710547eccd3a7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8eab3928fa60bdad3eb48715d4c372b4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91208ca3226d96cf06727b8ae5729bd8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92e26a2f7698e5dcc14adcfb489b3abd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9300065a4fdb7af10c895362b485f7e0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93bbddc48223599549e10f02249ba82d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93e17d5d3fdc8253f5e92e6b90bca5e6_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9418156cc90df47e1fa5ae574b25a231_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94185bbc36261fd5b904bc6b2b4adaea_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94ea5855bd7f0b175efcf387bd438a76_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\95478b38169c088bf0db6416e2c87a30_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9563f0e8bb214fb10c95e99b9a8beb62_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\95efb76de1351ceb2e5804c58277cfb4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96a728583c7b2376ebd245a74088d541_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\97803fb1d9498090fa018930e918310a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98b8dfd3f5a0e216fa803a1516858301_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9950294649739222991d881858880b91_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\999c913bbadf838ad88c4856b09b19b3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a3d00bbf3f9f20de4a16e926cbe3c65_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a57a1e5b5069f5c3ad87acd0b63dc12_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9aaed05d61fa46a2e1c387e2b7228903_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ae3aa934b5eb5c8d33d79f4d2f4d07c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b12fe4318004332d8aaefd701faf1fd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b1ed025bfae306511352d07dc385dde_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c3552ded8dc89963635511181712bad_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c6665883a1544ebe01c7dc322b41966_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9cae5c9a1cad37dccd988e44431315cb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d25233dbf5b74a5f5e9bcacb8c7f7a4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d55fe51c37d6a0e2a2f86b2a6b4c7f5_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e87fc96e5042e8f947dba72d80eaaf3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f9a8c1e119d5d5a463466cca8ae5522_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a09fd8f2388628a758115fc9c4f606de_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1549a20ed73798d587152d1bf06564a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1a2d14fa39481d5db5d5109abf8de46_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a31343300e9ac88eb19d77a44cf2227c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a44a479184dde8f810325feeace1287e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7072342d92cd27fa1c5e067dd624d96_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a723b4ac4bc2d0c04e0de792384fa3fd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a791ee9dc54eaada48eb37de7f7039ba_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7e84054089ce3f916e7a0e8ef5006d4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a824dbbfc56dc2e80fa294a8b6ca5956_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a90b218a1097ae1a37ab51bfbf40e9cd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9c64ab8416bf46cda6799246e6a41ba_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa0c19669c9223a3ebc76934f7e47181_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab2b127b52b2e71d422068c8669f164f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac650133c7e7e863e3d4be2f5fe37187_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac83465dba1a48c7a58f00ee734f44ce_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae52b8b24ad250975985545fdd91e7bb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae98e7b2a44d0e56f5ac52accee803c4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aeecc727d17891aae1a44f7d349b29b9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af25672eef8530b483e72ec4de2ac783_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afc41f15d48d1f8c5061a66dea67b6de_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b05ea9472382263ddba6b2fddb82d297_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b105ef37758a144e4d52d84529af1d09_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b14ac0eacaa24ccf3b52c2afe620bbde_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b162c460ab110f9d7c091c00109b61eb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2a0946552e6a6ea1ad4d2a01139fb72_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2d0343450013b4d6466ef1cd5489f17_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3375bd9a67553fe09deab4c4665d8fd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b410481d375b452d72899a39bac42987_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b44bb090d5bc90b99685a7369e261e75_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b459166a6aab07d768cbf9b30ab72385_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4b4250a45addd049d16344eddea66d9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b56c051189c8874e3659326ed9d8b9b0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b603fe505b8d8ec0844329451f9d90d9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b61b0c0e3ebf14c7e4328f5dfdabf453_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b67feb8596f710d1cdff6d1052259f8b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b76444c8e832aa710d6cb34a2975157c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b78fa6d6180d87406697788502aaade8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b793f4e6c18546bba60d1b83e4188d37_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8dc2b1fc9469da5bb968298b7bed489_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b938993c32e9eec0b921ecedb56fa104_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b97fbf6ae163a80b5c97480f235f7f3c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9d4ed865eb81b843fd54ef4050aebcd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba66644c12cc210ae9b6da910005ca0d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba8329aa22a727d65781ea01e4609f96_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb59e9e6ab5afa7d72503071f8215a30_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb9ad4bc0824774ef2f28f7384474d32_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbdc617ab07ce4dcf668678fd483fd7d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbdd2881a990ac48a21a79d6e4972deb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcc3d0dac6334a9acb221f1091bb2b23_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcda7a7fb1ccf85314069d8af71b72aa_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bce0daeb4d39d4732cb4852cd3aaae4a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd34deea59ce884aa806c9bedca152a4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd4cbc65ff523ed428df47a4f29886eb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd8c6e78f28990d85d24ccfc2cfa4319_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be83af1c6cd6a48d9c3758b40c12c8d0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bee735c495bcf8881ab1279c56336ed8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users�
  • 0

#18
Hamze
Posted 07 June 2008 - 02:52 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here's a new Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:46 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

--
End of file - 7845 bytes
  • 0

#19
BHowett
Posted 07 June 2008 - 05:16 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
The Atribune website is temporary down, so we will come back to the ATF Cleaner later. We can do the findfile the old way :)

FindFile

We need to do a search for one or more files.
  • Click Start.
  • Click Search.
  • Click All files and folders.
  • Expand More advanced options and then check Search system folders, Search hidden files and folders and Search Subfolders.
  • then copy and Paste each of the following (one at a time) into the box:

    imapi.exe

Please post any of the file paths found in your next reply.
  • 0

#20
BHowett
Posted 07 June 2008 - 05:18 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
it also looks like your Kaspersky Online Scanner results are cut off can you post the rest of it.

Thanks
  • 0

#21
Hamze
Posted 08 June 2008 - 08:57 AM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
The rest of the results of the scanner:
\Application Data\Microsoft\Crypto\RSA\MachineKeys\bee735c495bcf8881ab1279c56336ed8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bfad12680ba3cb7282c2c98215954a3a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bff541ad7eb9a5f89a91f92461f2d674_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c071e1b6d4adb1f57cdaeb591a50e4d7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c0e4f6ad3734cf1e435ea33077cf7bfb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1684466273702472df4e376e048112f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c24c78936ceb515931979ca8d634ab77_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c40e4eff28e82e46bd6bdead767ea8a0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c44050d77a3aad691c480c0bd50964ac_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c48a4828e6576c6dca6786d3d12950f8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4a09c0c291a28a287756dac48da1d64_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4a27a2c119504dd56e10a5fbd35d435_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5d215b223a36a2fb359f74f343a25d2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c694b0a939fbe2c12ade527071f193a4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7e07af53095ae579759f4bdbe6f6776_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8b9ef58478f6583d153282f4f26df6c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c8d37e6c6e9b355fd41bbd44bac2880b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c919f3419d9b54af5de6bbbb99bc93fb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca072e6f8ffb0e4193955b66bfbc4c71_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca14161dcf3e3271a8a6c046d7478b83_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca404609b30c55c47f2e8107a3132bfc_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc6144fe8856fccdfe86239d0753540a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce8ae11da7f25adc1db125f96722727a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cecf5b27f3c2148d074d3902477b348e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf08050143c2551922e366e9503f72ad_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf97f2d8661fcf2855c57fae795c8a78_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d117d4eb7bf0d3836c25cd5b0a202fa8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3405c04dab81436ecba0738e4209253_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3bc6218b85fedc70c36fff916e4686f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d5eb22b194e0ac9b7f9f12b5c3c5fdce_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d656c4b0a10b3efc666683b7d964b450_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d691b4eab26b996e8839fdb41d69439f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7c044beabf138174bc53555a068d7a3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7f493e2a42a02114ea0714fd9dd7da1_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d82d8b4038a1723521803773aeb219e4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8a10e3286b3ab1ed1495868d27f25a7_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8fc30546ec9ba0e86bb65ae573c8e78_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d92e3240dd234730f12ecbcafb2df54d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d985046232b48fb19cf5fdcfcaa824ce_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9cbf82106282d2971a808c3a68d3c16_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db20056b28b4f99ad6c85eb6838fa6eb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db6afb4c1c74b370e40065c72a56d30f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\db7724daf7b3831b13469c212c47cbff_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dca83774d409e41c252ca411f05c507a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dcf4d6c3071381e2b5d87bcd1372d14a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dcf5b07055bfc2ba8a8962bbb63e8751_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\de1169689e96315809152ebbd1e3b8e6_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfa21a5993e8842409c7f8898d845c3d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e018454f919915b363dd1c27ad7bafea_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e236fd2d03e5f03906710a5b57bf634a_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2aefd83bcfd1fe386b0c4c2c5b0bebd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e34fc16eaafb0230d151d79c2618963b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3a5cb6821c05a4417f61c5d2087b30c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e40e29ecb1ed9e6837dca60df81107b3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e50746b203707dd0d1bed21ea5b9f2b3_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e5b4c89e29f441ba795f8f870402ac2d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e645ed62887ec9dbd4dfbf445f7f5579_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7105def3f13ca3144045d5053a2e6f8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7c0610515494739b07d75b05a84efad_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7f1fc1ca21e45e571f6c5ffb778185e_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e860149e9adfbe303723c6fa2af5372f_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e8a2afe8684756039101dae13dd69820_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e95afa04df1e907b5de5765981aad0e0_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9fa7eb76f6f5ceccb4562eb666004b9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eada4d55492ed595021c7302905e2ce4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed3a37c006a7cbcf04ebbbac21c443f8_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edfabdfe18db3d3ec1e2aad03ccdacc4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee22b3c57d8302eda55e62da07c16822_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee2bf7e60e3ae57025173cfee8215f36_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee46cbbb7461311677b4cf90b7d9ab79_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eead0aba91a198a95473df7d7bd8b834_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eed59e6136f9401ce54cbacd782a5bfb_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f08bdfaa47648ddd3cad3f594bb703b2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f239324d54143c69f0df9073be84f94d_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f379643f606859d2c5d07c8dd9c7b1b2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3ac8881c0d5ca2f9e8cb2a804299150_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3cfc3cbea25cdace0d06878a5c661d9_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4f081d73b4fb96a429d7ecade0fdd75_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f62693149c04207a2d176ae394aa63fd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6656023cf052e832f915af8d2196935_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6ff97e1c51f9e317d5f9a77d9008272_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f742535d91e42ea4ed2ef180c4fac9e2_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7a813fe0c6337aa6aa18dfc51c610b1_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f80da3e1c901ef2396f1895cb7c6c0ce_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8194fe6450a8d0701bb3d03047c4a95_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f88c6c3887a238c8012e13ce5a18650b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f895d28dce1eb0e90f04604e0e380285_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f93c515ab1ef470eb735b11b796e1ee1_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9551c0bc259ab4939591b5a7b7dfa3c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa57bc47a0594286e2e5c4e3c193050b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fac60012026e5bdd6e2c3dddb75dc38c_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc134f9f8e9835b7a2cb2b6b4a0e3a78_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc39b6953cb5435b6ee61616c6a4606b_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd399849d4d3034b0e3b423299bcc3de_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd5666d9551d28d1a2eed4542216c1f4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe020c63c98481ca48e2049e9ff796ab_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff1bdc40576cacf54837c364cfa167bd_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ffe900237dd3b765d01c11a127d0e0a4_fab6dc19-aa68-499e-a69e-cf37300260bf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Guest\Local Settings\Temp\hsperfdata_Guest\3068 Object is locked skipped
C:\Documents and Settings\Guest\Local Settings\Temp\hsperfdata_Guest\468 Object is locked skipped
C:\Documents and Settings\HASSAN\Incomplete\Preview-T-3545425-enter matrix.mpg Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\HASSAN\My Documents\enter matrix.mpg Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\HASSAN\My Documents\matrix reloaded.avi Infected: Trojan-Downloader.WMA.GetCodec.a skipped
C:\Documents and Settings\HASSAN\My Documents\matrix reloaded.mpg Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MOE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-33101cdc.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\MOE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-33101cdc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\MOE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\ACM\auraupg1.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ah skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\BMZ\auraupg1.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ah skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\D420\aurora.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.at skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\OFA\auraupg1.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ah skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\SAcc.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\SAcc.prod.v1154.28fev2006.exe.0de6dbd8c74b758e2562e438c4e8ca0b Infected: not-a-virus:AdWare.Win32.SurfAccuracy.p skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HY3O9MN\send_car_int[1].htm Suspicious: Exploit.HTML.CodeBaseExec skipped
C:\Documents and Settings\MOE\HAMZE &HAMDA\Local Settings\Temp\Temporary Internet Files\Content.IE5\SX2Z4HIV\send_car_int[1].htm Suspicious: Exploit.HTML.CodeBaseExec skipped
C:\Documents and Settings\MOE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MOE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MOE\Local Settings\Application Data\Mozilla\Firefox\Profiles\9ejcoxjo.Default User\Cache(3)\235E9D70d01/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\MOE\Local Settings\Application Data\Mozilla\Firefox\Profiles\9ejcoxjo.Default User\Cache(3)\235E9D70d01/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\MOE\Local Settings\Application Data\Mozilla\Firefox\Profiles\9ejcoxjo.Default User\Cache(3)\235E9D70d01 NSIS: infected - 2 skipped
C:\Documents and Settings\MOE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MOE\Local Settings\temp\~DFD834.tmp Object is locked skipped
C:\Documents and Settings\MOE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\MOE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MOE\ntuser.dat Object is locked skipped
C:\Documents and Settings\MOE\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Documents and Settings\MOE\lsass.exe.vir Infected: Trojan-Spy.Win32.VB.aho skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\FNTS~1\nopdb.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\lavu917.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\QooBox\Quarantine\C\WINDOWS\b143.exe.vir Infected: Trojan-Downloader.Win32.Agent.kub skipped
C:\QooBox\Quarantine\C\WINDOWS\b149.exe.vir Infected: not-a-virus:Downloader.Win32.Agent.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\b151.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\WINDOWS\b155.exe.vir Infected: Trojan.Win32.BHO.bkm skipped
C:\QooBox\Quarantine\C\WINDOWS\b156.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.f skipped
C:\QooBox\Quarantine\C\WINDOWS\b157.exe.vir Infected: Trojan-Downloader.Win32.Agent.jih skipped
C:\QooBox\Quarantine\C\WINDOWS\b999.exe.vir Infected: Trojan-Downloader.Win32.Agent.ofz skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awttqppm.dll.vir Infected: Trojan.Win32.Inject.cif skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcYoNGy.dll.vir Infected: Trojan-Downloader.Win32.Agent.rjw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iiffgfd.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkife.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lnaccess.exe.vir Infected: not-a-virus:Porn-Dialer.Win32.Agent.bf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\logXv05\logXv051080.exe.vir Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\logXv18\logXv182328.exe.vir Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJBQKCU.dll.vir Infected: Trojan.Win32.Inject.cif skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJBSmKD.dll.vir Infected: Trojan.Win32.Inject.cif skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnoOffe.dll.vir Infected: Trojan.Win32.Inject.cif skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nsinet.exe.vir Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.ae skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ofrdcojr.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qnsoadsr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\romigfsn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sfbeswtu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\soygsprx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssitnwfm.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqnmki.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqqpop.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\urqnopq.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vntiho18\vntiho182328.exe.vir Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtustqp.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvsrp.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuvvvu.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xxywwxu.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyAspQ.dll.vir Infected: Trojan-Downloader.Win32.Agent.rjw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyyay.dll.vir Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\C\WINDOWS\TTC-4444.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\TTC-4444.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-06-06_163813.29.zip/byXNeFvs.dll Infected: Trojan.Win32.Mondera.gen skipped
C:\QooBox\Quarantine\catchme2008-06-06_163813.29.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000003.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000007.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000007.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000009.exe Infected: not-a-virus:Porn-Dialer.Win32.Agent.bf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000010.exe Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.ae skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000011.exe Infected: Trojan-Spy.Win32.VB.aho skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000013.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000014.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000015.exe Infected: Trojan-Downloader.Win32.Agent.kub skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000016.exe Infected: not-a-virus:Downloader.Win32.Agent.ak skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000017.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000018.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000019.exe Infected: Trojan.Win32.BHO.bkm skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000020.exe Infected: not-a-virus:AdWare.Win32.Insider.f skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000021.exe Infected: Trojan-Downloader.Win32.Agent.jih skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000022.exe Infected: Trojan-Downloader.Win32.Agent.ofz skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000025.dll Infected: Trojan.Win32.Inject.cif skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000027.dll Infected: Trojan-Downloader.Win32.Agent.rjw skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000029.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000030.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000031.dll Infected: Trojan.Win32.Inject.cif skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000032.dll Infected: Trojan.Win32.Inject.cif skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000033.dll Infected: Trojan.Win32.Inject.cif skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000034.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000035.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000036.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000039.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000040.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000041.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000042.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000043.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000044.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000046.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000047.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000049.dll Infected: Trojan-Downloader.Win32.Agent.rjw skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000050.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000152.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP5\A0001355.exe Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP5\A0001356.exe Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP5\A0001357.exe Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\A0001524.exe Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\A0001525.exe Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\A0001526.exe Infected: Trojan-Downloader.Win32.VB.epp skipped
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\qskvwa.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ai skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ardCo05\ardCo051080.exe Infected: Trojan-Downloader.Win32.VB.ccs skipped
C:\WINDOWS\system32\ardCo18\ardCo182328.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\WINDOWS\system32\bvwnygly.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cngugtrv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\crdaails.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\csvyrlkw.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\WINDOWS\system32\cswqohuu.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ctyohncu.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\dfpuxhqy.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ftokayys.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\gcwdprrr.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\geebx.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\geeda.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\geedc.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\gnqjsagk.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\gpnhufkl.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hanpioiu.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\haqeomfa.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ildaghrh.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ithpefvq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkhhh.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkji.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkjj.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkli.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkklm.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\kykkghwo.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\lknmfajk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mljjk.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mllmj.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mllmn.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\mop3\gyreo83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\mop3\gyreo83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\nhfyekab.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\nljysvya.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ntghtkji.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\pqaergpt.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\qlsovtvd.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ssdurmyd.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\sshohmls.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ssqro.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqrq.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqrs.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\swuhpvks.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\txelbsbv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ugixhemc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\vtstt.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\ydoixolc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_b4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\change.log Object is locked skipped

Scan process completed.
  • 0

#22
Hamze
Posted 08 June 2008 - 09:23 AM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Search found IMAPI.EXE-0BF740A4.pf in C:\WINDOWS\Prefetch and imapi.exe in C:\Windows\system32
  • 0

#23
Hamze
Posted 08 June 2008 - 09:27 AM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
A new Hijackthislog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:58 AM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

--
End of file - 7783 bytes
  • 0

#24
BHowett
Posted 08 June 2008 - 10:59 AM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Hamze,

please do the following:


Combofix Script.txt
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\qskvwa.exe 
C:\WINDOWS\system32\bvwnygly.dll 
C:\WINDOWS\system32\cngugtrv.dll 
C:\WINDOWS\system32\crdaails.dll 
C:\WINDOWS\system32\csvyrlkw.dll 
C:\WINDOWS\system32\cswqohuu.exe 
C:\WINDOWS\system32\ctyohncu.exe 
C:\WINDOWS\system32\dfpuxhqy.exe 
C:\WINDOWS\system32\ftokayys.dll 
C:\WINDOWS\system32\gcwdprrr.dll 
C:\WINDOWS\system32\geebx.dll_old 
C:\WINDOWS\system32\geeda.dll_old 
C:\WINDOWS\system32\geedc.dll_old 
C:\WINDOWS\system32\gnqjsagk.exe 
C:\WINDOWS\system32\gpnhufkl.exe 
C:\WINDOWS\system32\hanpioiu.exe 
C:\WINDOWS\system32\haqeomfa.dll 
C:\WINDOWS\system32\ildaghrh.dll 
C:\WINDOWS\system32\ithpefvq.dll 
C:\WINDOWS\system32\jkhhh.dll_old 
C:\WINDOWS\system32\jkkji.dll_old 
C:\WINDOWS\system32\jkkjj.dll_old 
C:\WINDOWS\system32\jkkli.dll_old 
C:\WINDOWS\system32\jkklm.dll_old 
C:\WINDOWS\system32\kykkghwo.exe 
C:\WINDOWS\system32\lknmfajk.dll 
C:\WINDOWS\system32\mljjk.dll_old 
C:\WINDOWS\system32\mllmj.dll_old 
C:\WINDOWS\system32\mllmn.dll_old 
C:\WINDOWS\system32\nhfyekab.exe 
C:\WINDOWS\system32\nljysvya.dll 
C:\WINDOWS\system32\ntghtkji.exe 
C:\WINDOWS\system32\pqaergpt.exe 
C:\WINDOWS\system32\qlsovtvd.exe 
C:\WINDOWS\system32\ssdurmyd.dll 
C:\WINDOWS\system32\sshohmls.exe 
C:\WINDOWS\system32\ssqro.dll_old 
C:\WINDOWS\system32\ssqrq.dll_old 
C:\WINDOWS\system32\ssqrs.dll_old 
C:\WINDOWS\system32\swuhpvks.dll 
C:\WINDOWS\system32\txelbsbv.dll 
C:\WINDOWS\system32\ugixhemc.exe 
C:\WINDOWS\system32\vtstt.dll_old 
C:\WINDOWS\system32\ydoixolc.exe 
Folder::
C:\WINDOWS\system32\mop3 
C:\WINDOWS\system32\ardCo05
C:\WINDOWS\system32\ardCo18


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

===============================================

Msncleaner

Please download MsnCleaner.zip and Save it to your Desktop.
  • Unzip it to the Desktop.
  • Now reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit Enter.
  • Double-click MsnCleaner.exe to run it.
  • Click the Analyze button.
  • A report will be created once after you finish scan.
  • If it finds an infection, click the Deleted button.
  • Now, please reboot back to normal mode.
  • Please post the contents of C:\MsnCleaner.txt in a reply to this post along with a new HJT log.

===============================================

ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

AVG Anti-Spyware


First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select ""Do no automatically generate report""
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

===============================================

Needed in your next reply:

"C:\ComboFix.txt"
MsnCleaner.txt
AVG Anti-Spyware report
New HijackThis log

You may need to use more then one reply, also please let me know how things are running on your system now. :)
  • 0

#25
Hamze
Posted 08 June 2008 - 12:24 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here's the combofix log:
ComboFix 08-06-05.3 - MOE 2008-06-08 14:15:51.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.248 [GMT -4:00]
Running from: C:\Documents and Settings\MOE\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 14:27 . 2008-06-07 14:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 14:27 . 2008-06-07 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-06 21:34 . 2008-06-06 21:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-06 18:16 . 2008-06-06 18:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 18:16 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 18:16 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 17:47 . 2008-06-06 17:47 <DIR> d-------- C:\Documents and Settings\MOE\New Folder
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\LimeWire
2008-06-06 17:37 . 2008-06-06 17:37 <DIR> d-------- C:\Documents and Settings\HAMDA & HASSAN\Application Data\LimeWire
2008-06-06 16:59 . 2008-06-06 16:59 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\Malwarebytes
2008-06-06 16:59 . 2008-06-06 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 07:37 . 2008-06-06 07:37 <DIR> d-------- C:\industry_files
2008-06-06 07:37 . 2008-06-06 07:37 45,111 --a------ C:\industry.htm
2008-06-06 07:36 . 2008-06-06 07:36 <DIR> d-------- C:\reasons_files
2008-06-06 07:36 . 2008-06-06 07:36 20,358 --a------ C:\reasons.htm
2008-06-06 07:35 . 2008-06-06 07:35 <DIR> d-------- C:\population_files
2008-06-06 07:35 . 2008-06-06 07:35 <DIR> d-------- C:\invest_files
2008-06-06 07:35 . 2008-06-06 07:35 41,502 --a------ C:\population.htm
2008-06-06 07:35 . 2008-06-06 07:35 23,334 --a------ C:\invest.htm
2008-06-06 07:33 . 2008-06-06 07:33 <DIR> d-------- C:\Age_distribution_files
2008-06-06 07:33 . 2008-06-06 07:33 42,072 --a------ C:\Age_distribution.htm
2008-06-05 18:23 . 2008-06-05 18:23 347 --ahs---- C:\WINDOWS\system32\svFeNXyb.ini
2008-06-05 17:11 . 2008-06-05 17:11 <DIR> d-------- C:\Deckard
2008-06-01 20:27 . 2008-06-01 20:27 <DIR> d-------- C:\Program Files\Aspose
2008-06-01 11:15 . 2008-06-01 11:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 23:01 . 2008-05-28 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 21:07 . 2008-05-28 23:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 20:56 . 2008-05-28 20:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 20:56 . 2008-05-28 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 20:14 . 2008-05-28 20:14 <DIR> d-------- C:\!KillBox
2008-05-28 19:47 . 2008-05-28 19:47 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\Uniblue
2008-05-28 19:26 . 2008-05-28 19:32 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-28 19:26 . 2008-05-28 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-21 16:01 . 2008-05-21 16:01 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-21 16:00 . 2008-05-21 16:01 <DIR> d-------- C:\Documents and Settings\MOE\Application Data\U3
2008-05-18 17:44 . 2008-05-18 17:50 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-05-18 17:18 . 2008-05-18 17:19 <DIR> d-------- C:\Program Files\CachemanXP
2008-05-18 16:21 . 2008-05-18 16:21 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:20 --------- d-----w C:\Program Files\mIRC
2008-05-30 19:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 03:01 --------- d-----w C:\Program Files\Lavasoft
2008-05-25 17:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 20:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 20:10 --------- d-----w C:\Program Files\ChessBase
2008-05-18 20:10 --------- d-----w C:\Documents and Settings\MOE\Application Data\ChessBase
2008-05-17 15:34 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\MEGAUPLOADTOOLBAR
2008-05-15 20:49 --------- d-----w C:\Program Files\ShredderChess
2008-05-09 23:05 --------- d-----w C:\Documents and Settings\MOE\Application Data\Yahoo!
2008-05-09 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-03 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-03 19:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-26 14:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 13:03 20,240 ----a-w C:\Documents and Settings\HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 23:25 --------- d-----w C:\Documents and Settings\HAMDA & HASSAN\Application Data\Hamachi
2008-04-22 20:01 --------- d-----w C:\Documents and Settings\MOE\Application Data\Hamachi
2008-04-21 14:26 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-19 20:50 --------- d-----w C:\Program Files\Bookup
2008-04-17 01:03 --------- d-----w C:\Program Files\Arena
2008-04-14 11:48 19,456 -c--a-w C:\Documents and Settings\MOE\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 11:41 --------- d-----w C:\Documents and Settings\MOE\Application Data\Internet Chess Club
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-06 16:30 77 ----a-w C:\Documents and Settings\MOE\3289.bat
2008-01-05 21:17 77 ----a-w C:\Documents and Settings\MOE\2091.bat
2008-01-05 10:46 77 ----a-w C:\Documents and Settings\MOE\4743.bat
2008-01-05 04:26 77 ----a-w C:\Documents and Settings\MOE\8540.bat
2008-01-04 21:17 77 ----a-w C:\Documents and Settings\MOE\5392.bat
2008-01-04 16:10 77 ----a-w C:\Documents and Settings\MOE\3685.bat
2008-01-04 02:17 77 ----a-w C:\Documents and Settings\MOE\3004.bat
2008-01-03 23:20 77 ----a-w C:\Documents and Settings\MOE\2485.bat
2008-01-03 19:38 77 ----a-w C:\Documents and Settings\MOE\3090.bat
2008-01-03 01:00 77 ----a-w C:\Documents and Settings\MOE\6339.bat
2008-01-02 15:31 77 ----a-w C:\Documents and Settings\MOE\2779.bat
2008-01-02 04:22 249 ----a-w C:\Documents and Settings\MOE\4299.bat
2008-01-01 16:22 77 ----a-w C:\Documents and Settings\MOE\8192.bat
2008-01-01 04:53 249 ----a-w C:\Documents and Settings\MOE\6407.bat
2008-01-01 03:03 77 ----a-w C:\Documents and Settings\MOE\9181.bat
2008-01-01 03:02 249 ----a-w C:\Documents and Settings\MOE\2240.bat
2007-12-31 23:32 77 ----a-w C:\Documents and Settings\MOE\7081.bat
2007-12-31 23:31 249 ----a-w C:\Documents and Settings\MOE\4334.bat
2007-12-31 18:48 77 ----a-w C:\Documents and Settings\MOE\8717.bat
2007-12-31 15:31 77 ----a-w C:\Documents and Settings\MOE\2391.bat
2007-12-31 15:30 249 ----a-w C:\Documents and Settings\MOE\8664.bat
2007-12-30 22:41 77 ----a-w C:\Documents and Settings\MOE\6444.bat
2007-12-30 22:40 249 ----a-w C:\Documents and Settings\MOE\5502.bat
2007-12-30 19:53 77 ----a-w C:\Documents and Settings\MOE\3536.bat
2007-12-30 19:53 249 ----a-w C:\Documents and Settings\MOE\9136.bat
2007-12-30 19:09 77 ----a-w C:\Documents and Settings\MOE\5050.bat
2007-12-30 19:09 249 ----a-w C:\Documents and Settings\MOE\6435.bat
2007-12-30 15:25 77 ----a-w C:\Documents and Settings\MOE\4543.bat
2007-12-30 15:24 249 ----a-w C:\Documents and Settings\MOE\7344.bat
2007-12-30 04:49 77 ----a-w C:\Documents and Settings\MOE\2766.bat
2007-12-30 04:49 249 ----a-w C:\Documents and Settings\MOE\7934.bat
2007-12-30 04:43 77 ----a-w C:\Documents and Settings\MOE\6463.bat
2007-12-30 04:43 249 ----a-w C:\Documents and Settings\MOE\3097.bat
2007-12-30 03:39 249 ----a-w C:\Documents and Settings\MOE\4425.bat
2007-12-30 01:45 249 ----a-w C:\Documents and Settings\MOE\4170.bat
2007-12-29 13:44 77 ----a-w C:\Documents and Settings\MOE\8442.bat
2007-10-25 22:17 78,184 -c--a-w C:\Documents and Settings\HAMDA & HASSAN\Application Data\GDIPFONTCACHEV1.DAT
2007-01-27 22:33 524,300 -c--a-w C:\Documents and Settings\MOE\Application Data\position.bin
2005-05-12 01:10 66,576 -c--a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-03-11 00:06 66,576 -c--a-w C:\Documents and Settings\ANYONE ELSE\Application Data\GDIPFONTCACHEV1.DAT
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2007-05-19 23:30 168 --sh--r C:\WINDOWS\system32\8A66670798.sys
2007-03-31 18:20 56 --sh--r C:\WINDOWS\system32\980767668A.sys
2007-06-12 03:07 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TU9FIA\no6IKE.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_17.07.48.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 20:55:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 14:21:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-05-08 20:38:23 407,004 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-06 21:38:11 213,488 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Free Registry Fix"="C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" [ ]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-02 20:58 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MOE^Start Menu^Programs^Startup^PalNetaware.lnk]
path=C:\Documents and Settings\MOE\Start Menu\Programs\Startup\PalNetaware.lnk
backup=C:\WINDOWS\pss\PalNetaware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 10:56 496752 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2007-02-27 17:04 262184 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freedom]
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2002-10-16 02:05 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
--a------ 2006-10-27 21:34 65536 C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-10-16 02:18 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-07 16:55 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-09 20:10 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-03-09 20:10 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2002-10-23 13:15 86016 c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqx1evùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpleology 1.0]
C:\Program Files\Simpleology\Wimiki\wimiki.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-04-24 16:53 54784 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-02 20:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bdubyd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"MDM"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"AOL ACS"=2 (0x2)
"gusvc"=3 (0x3)
"SDhelper"=2 (0x2)
"usnjsvc"=3 (0x3)
"NetSvc"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"DomainService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LogMeIn GUI"="D:\x86\LogMeInSystray.exe"
"LSA Shellu"=C:\Documents and Settings\MOE\lsass.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Arena\\Timeseal.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msrr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21847:TCP"= 21847:TCP:BitComet 21847 TCP
"21847:UDP"= 21847:UDP:BitComet 21847 UDP
"56979:TCP"= 56979:TCP:AresChatServer

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter;C:\WINDOWS\system32\DRIVERS\ianswxp.sys [2002-10-09 23:21]
S2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-04-30 19:54]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\x86\RaInfo.sys []
S3 iANSProtocol;Intel® Advanced Network Services Protocol;C:\WINDOWS\system32\DRIVERS\ianswxp.sys [2002-10-09 23:21]
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-06-04 14:21]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 03:11]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-05-01 14:56]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-05-01 14:57]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-05-01 14:57]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-05-01 14:58]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-05-01 07:56]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-05-01 14:59]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-05-01 14:56]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 00:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 22:00:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-30 20:13:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-28 23:47:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 14:17:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 14:24:30
ComboFix-quarantined-files.txt 2008-06-08 18:24:28
ComboFix2.txt 2008-06-08 18:13:54
ComboFix3.txt 2008-06-06 22:37:26
ComboFix4.txt 2008-06-06 22:10:53
ComboFix5.txt 2008-06-06 20:53:58

Pre-Run: 52,841,558,016 bytes free
Post-Run: 52,827,451,392 bytes free

342 --- E O F --- 2008-05-28 03:38:03
  • 0

Advertisements

#26
Hamze
Posted 08 June 2008 - 12:25 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
New Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:39 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Registry Fix] "C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe" /reminder
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MOE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

--
End of file - 7636 bytes
  • 0

#27
Hamze
Posted 08 June 2008 - 02:15 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here's msncleaner.txt:
- Logfile MSNCleaner 1.6.4 by www.forospyware.com
- Created Logfile: 6/8/2008 on 4:11:42 PM
- Operative System: Windows XP
- Boot mode: Safe mode with network support
_________________________________________

Detected files: 2
Deleted file: 2
Undeleted Files: 0

C:\Program Files\MSN Messenger\msrr.exe <--- Deleted
C:\WINDOWS\system32\vxs.exe <--- Deleted

Host file Restored
  • 0

#28
Hamze
Posted 08 June 2008 - 02:16 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
*ignore post*

Edited by Hamze, 08 June 2008 - 04:52 PM.

  • 0

#29
BHowett
Posted 08 June 2008 - 03:02 PM

BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
don't forget to post the AVG Anti-Spyware report as well. :)
  • 0

#30
Hamze
Posted 08 June 2008 - 04:04 PM

Hamze

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:15:46 PM 6/8/2008

+ Scan result:



C:\QooBox\Quarantine\C\WINDOWS\qskvwa.exe.vir -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP8\A0001690.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\EbonyToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir -> Downloader.Agent.cbx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000014.exe -> Downloader.Agent.cbx : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000013.exe -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\b151.exe.vir -> Downloader.Agent.fjn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000017.exe -> Downloader.Agent.fjn : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\b157.exe.vir -> Downloader.Agent.jih : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000021.exe -> Downloader.Agent.jih : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\b999.exe.vir -> Downloader.Agent.ofz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000022.exe -> Downloader.Agent.ofz : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\iiffgfd.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkife.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqnmki.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqqpop.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\urqnopq.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vtustqp.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvsrp.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuvvvu.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\xxywwxu.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyyay.dll.vir -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000029.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000030.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000040.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000041.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000042.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000043.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000044.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000046.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000047.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000050.dll -> Downloader.Small.hlf : Cleaned with backup (quarantined).
C:\Program Files\Common Files\fmzz\fmzzd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ardCo05\ardCo051080.exe.vir -> Downloader.VB.ccs : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ardCo18\ardCo182328.exe.vir -> Downloader.VB.ccs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP8\A0001687.exe -> Downloader.VB.ccs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP8\A0001688.exe -> Downloader.VB.ccs : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\logXv05\logXv051080.exe.vir -> Downloader.VB.enh : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\logXv18\logXv182328.exe.vir -> Downloader.VB.enh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP5\A0001355.exe -> Downloader.VB.enh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP5\A0001356.exe -> Downloader.VB.enh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\A0001524.exe -> Downloader.VB.enh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\A0001525.exe -> Downloader.VB.enh : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vntiho18\vntiho182328.exe.vir -> Downloader.VB.epp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP5\A0001357.exe -> Downloader.VB.epp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP7\A0001526.exe -> Downloader.VB.epp : Cleaned with backup (quarantined).
C:\Documents and Settings\HASSAN\My Documents\enter matrix.mpg -> Downloader.Wimad.n : Cleaned with backup (quarantined).
C:\Documents and Settings\HASSAN\My Documents\matrix reloaded.mpg -> Downloader.Wimad.n : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\lavu917.dll.vir -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000152.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Documents and Settings\MOE\lsass.exe.vir -> Logger.VB.aho : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000011.exe -> Logger.VB.aho : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\b152.exe.vir -> Not-A-Virus.Adware.Insider : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\b156.exe.vir -> Not-A-Virus.Adware.Insider : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000018.exe -> Not-A-Virus.Adware.Insider : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000020.exe -> Not-A-Virus.Adware.Insider : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\FNTS~1\nopdb.exe.vir -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000003.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\TTC-4444.exe.vir -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\mop3\gyreo83122.exe.vir -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP2\A0000007.exe -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8883294D-3283-47EC-A590-7F4531D14142}\RP8\A0001689.exe -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-32.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.119:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-32.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.12:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-46.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.13:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-46.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.145:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-51.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.145:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-52.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.146:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-50.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.146:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-51.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.146:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-52.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.147:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-50.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.147:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-51.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.147:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-52.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.148:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-50.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.148:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-51.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.148:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-52.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.149:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-50.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.14:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-46.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.150:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-35.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.150:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-40.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-35.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-40.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-41.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-42.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-71.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.152:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-41.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.152:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-42.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.152:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-71.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-36.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-37.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-38.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-39.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-71.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-72.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.153:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-73.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-33.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-36.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-37.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-38.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-39.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-43.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-44.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-45.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-70.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-72.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.154:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-73.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-33.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-43.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-44.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-45.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-70.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-72.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-73.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.156:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-70.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.157:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-34.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.158:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-34.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.159:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-53.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.15:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-46.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-53.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-54.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-55.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-56.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-57.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-58.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-59.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-60.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-61.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-62.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-63.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-64.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-65.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-66.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-67.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-68.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.160:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-69.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-53.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-54.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-55.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-56.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-57.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-58.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-59.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-60.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-61.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-62.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-63.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-64.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-65.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-66.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-67.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-68.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-69.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-53.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-54.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-55.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-56.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-57.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-58.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-59.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-60.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-61.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-62.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-63.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-64.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-65.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-66.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-67.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-68.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.162:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-69.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-54.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-55.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-56.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-57.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-58.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-59.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-60.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-61.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-62.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-63.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-64.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-65.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-66.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-67.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-68.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.163:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-69.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.167:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-81.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.167:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-82.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.178:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-81.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.178:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-82.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.179:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-81.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.179:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-82.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.204:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-83.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.204:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-84.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.204:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-85.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.215:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-83.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.215:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-84.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.215:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-85.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.216:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-83.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.216:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-84.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.216:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-85.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.220:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-86.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.231:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-86.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.232:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-86.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.28:C:\Documents and Settings\HAMDA & HASSAN\Application Data\Mozilla\Firefox\Profiles\eq3qsjh4.default\cookies-74.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.35:C:\Documents and Settings\HAMDA & HASSAN\Application
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP