Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Remove Linkoptimizer


  • This topic is locked This topic is locked
14 replies to this topic

#1 nayfen

nayfen

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 13 January 2008 - 07:07 AM

i have been handed down this computer. i noticed that windows xp has been running slow. the memory and cpu usage spikes and pulse quite dramatically. i have run various spyware and virus removal tools to moderate success. a couple webroot spy sweeper and ad-aware picked up linkoptomizer but were unable to quarantine or remove. some of the other scan i have tried included. norton anivirus, avg anti-spyware, windows defender, spybot, cleanup and i have run registry mechanic.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:51 PM, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134977661250
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - http://gromozon.com/214cd2be/50300/1/xp/FreeAccess.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\com1.nzx
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10035 bytes

Edited by nayfen, 13 January 2008 - 07:09 AM.


BC AdBot (Login to Remove)

 


#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 21 January 2008 - 05:45 AM

Hello nayfen and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

The computer is infected with Gromozon Rootkit, to remove it, download and run this tool Gromozon Rootkit Removal Tool

After the tool has finished its work, a logfile should be saved at this location c:\gromozon removal.log, please post that log back here with new HijackThis report. Also note that there is a fake pop up that might show up telling you to make a donation, please ignore this pop up.

Regards,
SNOWHITE
Posted Image

#3 nayfen

nayfen
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 22 January 2008 - 05:10 AM

thank you for the response. :thumbsup:
i am amazed by the number of posts just in this topic alone. and you keep coming back for more!!! true dedication.

as requested.

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Program Files\Common Files
Removing protected file: C:\Program Files\Common Files\System\afJKkO.exe
Removing protected file: C:\Program Files\Common Files\System\Aie.exe
Removing protected file: C:\Program Files\Common Files\System\AkB.exe
Removing protected file: C:\Program Files\Common Files\System\AqxA.exe
Removing protected file: C:\Program Files\Common Files\System\axJ.exe
Removing protected file: C:\Program Files\Common Files\System\bhid.exe
Removing protected file: C:\Program Files\Common Files\System\BUL.exe
Removing protected file: C:\Program Files\Common Files\System\BXL.exe
Removing protected file: C:\Program Files\Common Files\System\cGb.exe
Removing protected file: C:\Program Files\Common Files\System\cHY.exe
Removing protected file: C:\Program Files\Common Files\System\CMq.exe
Removing protected file: C:\Program Files\Common Files\System\cPdtLT.exe
Removing protected file: C:\Program Files\Common Files\System\cWY.exe
Removing protected file: C:\Program Files\Common Files\System\dHT.exe
Removing protected file: C:\Program Files\Common Files\System\donax.exe
Removing protected file: C:\Program Files\Common Files\System\dtv.exe
Removing protected file: C:\Program Files\Common Files\System\eAv.exe
Removing protected file: C:\Program Files\Common Files\System\ENR.exe
Removing protected file: C:\Program Files\Common Files\System\eQzwLh.exe
Removing protected file: C:\Program Files\Common Files\System\fik.exe
Removing protected file: C:\Program Files\Common Files\System\fls.exe
Removing protected file: C:\Program Files\Common Files\System\fOY.exe
Removing protected file: C:\Program Files\Common Files\System\FUd.exe
Removing protected file: C:\Program Files\Common Files\System\fWdL.exe
Removing protected file: C:\Program Files\Common Files\System\Gue.exe
Removing protected file: C:\Program Files\Common Files\System\GxG.exe
Removing protected file: C:\Program Files\Common Files\System\Gyi.exe
Removing protected file: C:\Program Files\Common Files\System\GzG.exe
Removing protected file: C:\Program Files\Common Files\System\hBK.exe
Removing protected file: C:\Program Files\Common Files\System\hLF.exe
Removing protected file: C:\Program Files\Common Files\System\HMTSAF.exe
Removing protected file: C:\Program Files\Common Files\System\HXr.exe
Removing protected file: C:\Program Files\Common Files\System\icv.exe
Removing protected file: C:\Program Files\Common Files\System\iUD.exe
Removing protected file: C:\Program Files\Common Files\System\IVeC.exe
Removing protected file: C:\Program Files\Common Files\System\ixTm.exe
Removing protected file: C:\Program Files\Common Files\System\JbA.exe
Removing protected file: C:\Program Files\Common Files\System\JcO.exe
Removing protected file: C:\Program Files\Common Files\System\JSG.exe
Removing protected file: C:\Program Files\Common Files\System\jtG.exe
Removing protected file: C:\Program Files\Common Files\System\kaBYgw.exe
Removing protected file: C:\Program Files\Common Files\System\KBUbhy.exe
Removing protected file: C:\Program Files\Common Files\System\KON.exe
Removing protected file: C:\Program Files\Common Files\System\kqL.exe
Removing protected file: C:\Program Files\Common Files\System\ktvnCZ.exe
Removing protected file: C:\Program Files\Common Files\System\KxaYN.exe
Removing protected file: C:\Program Files\Common Files\System\LcomYg.exe
Removing protected file: C:\Program Files\Common Files\System\LCX.exe
Removing protected file: C:\Program Files\Common Files\System\ldL.exe
Removing protected file: C:\Program Files\Common Files\System\lHBYyw.exe
Removing protected file: C:\Program Files\Common Files\System\LUu.exe
Removing protected file: C:\Program Files\Common Files\System\mBb.exe
Removing protected file: C:\Program Files\Common Files\System\MGRd.exe
Removing protected file: C:\Program Files\Common Files\System\MXp.exe
Removing protected file: C:\Program Files\Common Files\System\mYMtoK.exe
Removing protected file: C:\Program Files\Common Files\System\nda.exe
Removing protected file: C:\Program Files\Common Files\System\nIG.exe
Removing protected file: C:\Program Files\Common Files\System\nkv.exe
Removing protected file: C:\Program Files\Common Files\System\NKZw.exe
Removing protected file: C:\Program Files\Common Files\System\Nni.exe
Removing protected file: C:\Program Files\Common Files\System\npPDmR.exe
Removing protected file: C:\Program Files\Common Files\System\Nyu.exe
Removing protected file: C:\Program Files\Common Files\System\OCOgbA.exe
Removing protected file: C:\Program Files\Common Files\System\ofXvj.exe
Removing protected file: C:\Program Files\Common Files\System\oiHOtC.exe
Removing protected file: C:\Program Files\Common Files\System\pcQ.exe
Removing protected file: C:\Program Files\Common Files\System\PEg.exe
Removing protected file: C:\Program Files\Common Files\System\pScN.exe
Removing protected file: C:\Program Files\Common Files\System\Pzb.exe
Removing protected file: C:\Program Files\Common Files\System\qbg.exe
Removing protected file: C:\Program Files\Common Files\System\QcVEyM.exe
Removing protected file: C:\Program Files\Common Files\System\qknA.exe
Removing protected file: C:\Program Files\Common Files\System\qTLD.exe
Removing protected file: C:\Program Files\Common Files\System\RLb.exe
Removing protected file: C:\Program Files\Common Files\System\rMj.exe
Removing protected file: C:\Program Files\Common Files\System\rNc.exe
Removing protected file: C:\Program Files\Common Files\System\Rtv.exe
Removing protected file: C:\Program Files\Common Files\System\RyUP.exe
Removing protected file: C:\Program Files\Common Files\System\sbdTy.exe
Removing protected file: C:\Program Files\Common Files\System\sOK.exe
Removing protected file: C:\Program Files\Common Files\System\sSc.exe
Removing protected file: C:\Program Files\Common Files\System\SYqJQt.exe
Removing protected file: C:\Program Files\Common Files\System\SyZQhA.exe
Removing protected file: C:\Program Files\Common Files\System\Tej.exe
Removing protected file: C:\Program Files\Common Files\System\tJll.exe
Removing protected file: C:\Program Files\Common Files\System\Ttg.exe
Removing protected file: C:\Program Files\Common Files\System\tVN.exe
Removing protected file: C:\Program Files\Common Files\System\ugFO.exe
Removing protected file: C:\Program Files\Common Files\System\uMAN.exe
Removing protected file: C:\Program Files\Common Files\System\Uthygo.exe
Removing protected file: C:\Program Files\Common Files\System\VVpH.exe
Removing protected file: C:\Program Files\Common Files\System\WCUk.exe
Removing protected file: C:\Program Files\Common Files\System\wfD.exe
Removing protected file: C:\Program Files\Common Files\System\WLBT.exe
Removing protected file: C:\Program Files\Common Files\System\WpC.exe
Removing protected file: C:\Program Files\Common Files\System\WPk.exe
Removing protected file: C:\Program Files\Common Files\System\wpU.exe
Removing protected file: C:\Program Files\Common Files\System\wUt.exe
Removing protected file: C:\Program Files\Common Files\System\Wxpgn.exe
Removing protected file: C:\Program Files\Common Files\System\wyGhRV.exe
Removing protected file: C:\Program Files\Common Files\System\xdsfuK.exe
Removing protected file: C:\Program Files\Common Files\System\xItcA.exe
Removing protected file: C:\Program Files\Common Files\System\XNF.exe
Removing protected file: C:\Program Files\Common Files\System\xsH.exe
Removing protected file: C:\Program Files\Common Files\System\xSjES.exe
Removing protected file: C:\Program Files\Common Files\System\XxUNAA.exe
Removing protected file: C:\Program Files\Common Files\System\xyc.exe
Removing protected file: C:\Program Files\Common Files\System\ZjW.exe
Removing protected file: C:\Program Files\Common Files\System\zlNhF.exe
Removing protected file: C:\Program Files\Common Files\System\ZSQNcl.exe
Removing protected file: C:\Program Files\Common Files\System\ZUH.exe
Removing protected file: C:\Program Files\Common Files\System\Zuq.exe


Trojan.Gromozon Removed!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:29 PM, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134977661250
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - http://gromozon.com/214cd2be/50300/1/xp/FreeAccess.ocx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\com1.nzx
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10008 bytes

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 23 January 2008 - 06:44 AM

Hello nayfen,

I should have warned you that this particular infection is extremely hard to remove usually. We can try couple of other things but I cant promise you that it will get removed.

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please download Deckard's System Scanner (DSS) and save it to your Desktop. Do not run it yet.

Go HERE and read the instructions very carefully I suggest that you print them or copy&paste them in notepad because during the fix you will need to keep the computer offline and in Safe Mode, after you have read the Removal Information, download the Symantec's LinkOptimizer Removal Tool.

At the following link you will find information how to disable the security programs, they need to be disabled so nothing can interfere with the fix: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Do not disable your security programs until you have disconnected the computer from internet!

After downloading of the tool and disconnecting the computer from internet reboot in safe mode:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account (with admin rights).
Re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - http://gromozon.com/214cd2be/50300/1/xp/FreeAccess.ocx
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\com1.nzx


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Close all the running programs.
Double-click the FixLinkopt.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
The removal tool will force a restart of both clean and infected computers.
Run the removal tool again from Safe Mode.

Now re-run Prevx Gromozon Rootkit Removal Tool, the tool you have run in my first instructions.

Next:
  • Close all other windows before proceeding.
  • Double-click on dss.exe (Deckard's System Scanner) and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Reactivate security programs, and reconnect to internet, post back with the reports from Symantec's LinkOptimizer Removal Tool if available, prevx report, dss scan reports both main.txt and extra.txt.

Please keep the computer as much as possible offline, if you have another computer that you can use to post back here, then it would be the best that you use that one.

Regards,
SNOWHITE
Posted Image

#5 nayfen

nayfen
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 25 January 2008 - 03:43 AM

did all the steps listed. I did howerever run Prevx Gromozon Rootkit Removal Tool before the FixLinkopt.exe step. my bad! here are the logs as requested.

I have posted this reply from my other computer. after downloading all of the required applications within this post. I disconnected the the internet connection and it has not been reconnected to date as suggested.

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Program Files\Common Files
Removing protected file: C:\Program Files\Common Files\System\afJKkO.exe
Removing protected file: C:\Program Files\Common Files\System\Aie.exe
Removing protected file: C:\Program Files\Common Files\System\AkB.exe
Removing protected file: C:\Program Files\Common Files\System\AqxA.exe
Removing protected file: C:\Program Files\Common Files\System\axJ.exe
Removing protected file: C:\Program Files\Common Files\System\bhid.exe
Removing protected file: C:\Program Files\Common Files\System\BUL.exe
Removing protected file: C:\Program Files\Common Files\System\BXL.exe
Removing protected file: C:\Program Files\Common Files\System\cGb.exe
Removing protected file: C:\Program Files\Common Files\System\cHY.exe
Removing protected file: C:\Program Files\Common Files\System\CMq.exe
Removing protected file: C:\Program Files\Common Files\System\cPdtLT.exe
Removing protected file: C:\Program Files\Common Files\System\cWY.exe
Removing protected file: C:\Program Files\Common Files\System\dHT.exe
Removing protected file: C:\Program Files\Common Files\System\donax.exe
Removing protected file: C:\Program Files\Common Files\System\dtv.exe
Removing protected file: C:\Program Files\Common Files\System\eAv.exe
Removing protected file: C:\Program Files\Common Files\System\ENR.exe
Removing protected file: C:\Program Files\Common Files\System\eQzwLh.exe
Removing protected file: C:\Program Files\Common Files\System\fik.exe
Removing protected file: C:\Program Files\Common Files\System\fls.exe
Removing protected file: C:\Program Files\Common Files\System\fOY.exe
Removing protected file: C:\Program Files\Common Files\System\FUd.exe
Removing protected file: C:\Program Files\Common Files\System\fWdL.exe
Removing protected file: C:\Program Files\Common Files\System\Gue.exe
Removing protected file: C:\Program Files\Common Files\System\GxG.exe
Removing protected file: C:\Program Files\Common Files\System\Gyi.exe
Removing protected file: C:\Program Files\Common Files\System\GzG.exe
Removing protected file: C:\Program Files\Common Files\System\hBK.exe
Removing protected file: C:\Program Files\Common Files\System\hLF.exe
Removing protected file: C:\Program Files\Common Files\System\HMTSAF.exe
Removing protected file: C:\Program Files\Common Files\System\HXr.exe
Removing protected file: C:\Program Files\Common Files\System\icv.exe
Removing protected file: C:\Program Files\Common Files\System\iUD.exe
Removing protected file: C:\Program Files\Common Files\System\IVeC.exe
Removing protected file: C:\Program Files\Common Files\System\ixTm.exe
Removing protected file: C:\Program Files\Common Files\System\JbA.exe
Removing protected file: C:\Program Files\Common Files\System\JcO.exe
Removing protected file: C:\Program Files\Common Files\System\JSG.exe
Removing protected file: C:\Program Files\Common Files\System\jtG.exe
Removing protected file: C:\Program Files\Common Files\System\kaBYgw.exe
Removing protected file: C:\Program Files\Common Files\System\KBUbhy.exe
Removing protected file: C:\Program Files\Common Files\System\KON.exe
Removing protected file: C:\Program Files\Common Files\System\kqL.exe
Removing protected file: C:\Program Files\Common Files\System\ktvnCZ.exe
Removing protected file: C:\Program Files\Common Files\System\KxaYN.exe
Removing protected file: C:\Program Files\Common Files\System\LcomYg.exe
Removing protected file: C:\Program Files\Common Files\System\LCX.exe
Removing protected file: C:\Program Files\Common Files\System\ldL.exe
Removing protected file: C:\Program Files\Common Files\System\lHBYyw.exe
Removing protected file: C:\Program Files\Common Files\System\LUu.exe
Removing protected file: C:\Program Files\Common Files\System\mBb.exe
Removing protected file: C:\Program Files\Common Files\System\MGRd.exe
Removing protected file: C:\Program Files\Common Files\System\MXp.exe
Removing protected file: C:\Program Files\Common Files\System\mYMtoK.exe
Removing protected file: C:\Program Files\Common Files\System\nda.exe
Removing protected file: C:\Program Files\Common Files\System\nIG.exe
Removing protected file: C:\Program Files\Common Files\System\nkv.exe
Removing protected file: C:\Program Files\Common Files\System\NKZw.exe
Removing protected file: C:\Program Files\Common Files\System\Nni.exe
Removing protected file: C:\Program Files\Common Files\System\npPDmR.exe
Removing protected file: C:\Program Files\Common Files\System\Nyu.exe
Removing protected file: C:\Program Files\Common Files\System\OCOgbA.exe
Removing protected file: C:\Program Files\Common Files\System\ofXvj.exe
Removing protected file: C:\Program Files\Common Files\System\oiHOtC.exe
Removing protected file: C:\Program Files\Common Files\System\pcQ.exe
Removing protected file: C:\Program Files\Common Files\System\PEg.exe
Removing protected file: C:\Program Files\Common Files\System\pScN.exe
Removing protected file: C:\Program Files\Common Files\System\Pzb.exe
Removing protected file: C:\Program Files\Common Files\System\qbg.exe
Removing protected file: C:\Program Files\Common Files\System\QcVEyM.exe
Removing protected file: C:\Program Files\Common Files\System\qknA.exe
Removing protected file: C:\Program Files\Common Files\System\qTLD.exe
Removing protected file: C:\Program Files\Common Files\System\RLb.exe
Removing protected file: C:\Program Files\Common Files\System\rMj.exe
Removing protected file: C:\Program Files\Common Files\System\rNc.exe
Removing protected file: C:\Program Files\Common Files\System\Rtv.exe
Removing protected file: C:\Program Files\Common Files\System\RyUP.exe
Removing protected file: C:\Program Files\Common Files\System\sbdTy.exe
Removing protected file: C:\Program Files\Common Files\System\sOK.exe
Removing protected file: C:\Program Files\Common Files\System\sSc.exe
Removing protected file: C:\Program Files\Common Files\System\SYqJQt.exe
Removing protected file: C:\Program Files\Common Files\System\SyZQhA.exe
Removing protected file: C:\Program Files\Common Files\System\Tej.exe
Removing protected file: C:\Program Files\Common Files\System\tJll.exe
Removing protected file: C:\Program Files\Common Files\System\Ttg.exe
Removing protected file: C:\Program Files\Common Files\System\tVN.exe
Removing protected file: C:\Program Files\Common Files\System\ugFO.exe
Removing protected file: C:\Program Files\Common Files\System\uMAN.exe
Removing protected file: C:\Program Files\Common Files\System\Uthygo.exe
Removing protected file: C:\Program Files\Common Files\System\VVpH.exe
Removing protected file: C:\Program Files\Common Files\System\WCUk.exe
Removing protected file: C:\Program Files\Common Files\System\wfD.exe
Removing protected file: C:\Program Files\Common Files\System\WLBT.exe
Removing protected file: C:\Program Files\Common Files\System\WpC.exe
Removing protected file: C:\Program Files\Common Files\System\WPk.exe
Removing protected file: C:\Program Files\Common Files\System\wpU.exe
Removing protected file: C:\Program Files\Common Files\System\wUt.exe
Removing protected file: C:\Program Files\Common Files\System\Wxpgn.exe
Removing protected file: C:\Program Files\Common Files\System\wyGhRV.exe
Removing protected file: C:\Program Files\Common Files\System\xdsfuK.exe
Removing protected file: C:\Program Files\Common Files\System\xItcA.exe
Removing protected file: C:\Program Files\Common Files\System\XNF.exe
Removing protected file: C:\Program Files\Common Files\System\xsH.exe
Removing protected file: C:\Program Files\Common Files\System\xSjES.exe
Removing protected file: C:\Program Files\Common Files\System\XxUNAA.exe
Removing protected file: C:\Program Files\Common Files\System\xyc.exe
Removing protected file: C:\Program Files\Common Files\System\ZjW.exe
Removing protected file: C:\Program Files\Common Files\System\zlNhF.exe
Removing protected file: C:\Program Files\Common Files\System\ZSQNcl.exe
Removing protected file: C:\Program Files\Common Files\System\ZUH.exe
Removing protected file: C:\Program Files\Common Files\System\Zuq.exe


Trojan.Gromozon Removed!

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.

Deckard's System Scanner v20071014.68
Run by nathan on 2008-01-25 17:15:34
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
5: 2008-01-25 05:52:34 UTC - RP31 - Software Distribution Service 3.0
4: 2008-01-24 05:39:06 UTC - RP30 - System Checkpoint
3: 2008-01-23 05:11:28 UTC - RP29 - System Checkpoint
2: 2008-01-23 04:45:45 UTC - RP28 - Software Distribution Service 3.0
1: 2008-01-22 09:31:35 UTC - RP27 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as nathan.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:07 PM, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\nathan.NAYFEN\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\nathan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134977661250
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8513 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080125-163631-383 O16 - DPF: {D417ED3B-259D-4A1A-AF83-070D942C2017} - http://gromozon.com/214cd2be/50300/1/xp/FreeAccess.ocx
backup-20080125-163631-558 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
backup-20080125-163631-603 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080125-163632-912 O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\com1.nzx

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (B.H.A Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R0 Si3112r (Silicon Image SiI 3112 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; SATARaid>
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 aslm75 - c:\windows\system32\drivers\aslm75.sys
S2 Cnxtdiag - c:\windows\system32\drivers\cnxtdiag.sys <Not Verified; Conexant Systems; Diagnostic Interface>
S2 Fallback - c:\windows\system32\drivers\fallback.sys <Not Verified; Conexant Systems; SoftK56>
S2 Fsks - c:\windows\system32\drivers\fsksnt.sys <Not Verified; Conexant Systems; SoftK56>
S2 K56 - c:\windows\system32\drivers\k56nt.sys <Not Verified; Conexant Systems; SoftK56>
S2 mdmxsdk - c:\windows\system32\drivers\cnxtdiag.sys <Not Verified; Conexant Systems; Diagnostic Interface>
S2 SoftFax - c:\windows\system32\drivers\faxnt.sys <Not Verified; Conexant Systems; SoftK56>
S2 SpeakerPhone - c:\windows\system32\drivers\spkpnt.sys <Not Verified; Conexant Systems; SoftK56>
S2 Tones - c:\windows\system32\drivers\tonesnt.sys <Not Verified; Conexant Systems; SoftK56>
S2 V124 - c:\windows\system32\drivers\v124nt.sys <Not Verified; Conexant Systems; SoftK56>
S3 basic2 - c:\windows\system32\drivers\basic2.sys <Not Verified; Conexant Systems; SoftK56>
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys (file missing)
S3 Lvckap (Logitech Kernel Audio Processing Filter Driver) - c:\windows\system32\drivers\lvckap.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing)
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 Rksample - c:\windows\system32\drivers\rksample.sys <Not Verified; Conexant Systems; SoftK56>
S3 w550bus (Sony Ericsson W550 driver (WDM)) - c:\windows\system32\drivers\w550bus.sys (file missing)
S3 w550mdfl (Sony Ericsson W550 USB WMC Modem Filter) - c:\windows\system32\drivers\w550mdfl.sys (file missing)
S3 w550mdm (Sony Ericsson W550 USB WMC Modem Drivers) - c:\windows\system32\drivers\w550mdm.sys (file missing)
S3 w550mgmt (Sony Ericsson W550 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w550mgmt.sys (file missing)
S3 w550obex (Sony Ericsson W550 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w550obex.sys (file missing)
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems; SoftK56>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ccPxySvc (Symantec Proxy Service) - c:\program files\norton internet security\ccpxysvc.exe (file missing)
S2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com 3C920B-EMB Integrated Fast Ethernet Controller
Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
Manufacturer: 3Com
Name: 3Com 3C920B-EMB Integrated Fast Ethernet Controller
PNP Device ID: PCI\VEN_10B7&DEV_9201&SUBSYS_80AB1043&REV_40\4&35344E25&0&0860
Service: EL90Xbc


-- Scheduled Tasks -------------------------------------------------------------

2008-01-25 16:36:47 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-22 19:03:23 1538 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
2008-01-11 23:06:43 582 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - nathan.job


-- Files created between 2007-12-25 and 2008-01-25 -----------------------------

2008-01-25 16:30:45 0 dr-h----- C:\Documents and Settings\nathan.NAYFEN\Recent
2008-01-25 16:10:20 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2008-01-22 19:23:05 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-13 21:44:32 0 d-------- C:\Program Files\Trend Micro
2008-01-13 19:55:10 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2008-01-13 19:54:06 0 d-------- C:\Program Files\Webroot
2008-01-13 19:54:06 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Webroot
2008-01-13 19:54:06 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-01-13 19:53:09 164 --a------ C:\install.dat
2008-01-13 16:43:13 0 d-------- C:\Program Files\Windows Defender
2008-01-13 15:47:19 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-13 14:56:28 262144 --a------ C:\ntuser.dat
2008-01-13 14:53:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-13 14:53:17 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Mozilla
2008-01-13 14:26:33 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-13 14:22:30 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-13 14:22:30 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-13 11:41:42 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\JimbobSoft
2008-01-13 10:05:25 0 d-------- C:\Program Files\SiSoftware
2008-01-13 08:57:42 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Grisoft
2008-01-13 08:57:16 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-13 07:58:31 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu
2008-01-13 07:50:13 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\U3
2008-01-12 15:53:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-01-12 15:53:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2008-01-12 15:52:58 0 d-------- C:\Program Files\NCH Software
2008-01-12 15:51:08 0 d-------- C:\Program Files\NCH Swift Sound
2008-01-12 15:51:07 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\NCH Swift Sound
2008-01-12 13:33:30 0 d-------- C:\Program Files\Common Files\Nero
2008-01-12 13:30:55 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-01-12 13:30:55 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-01-12 13:30:47 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-12 13:30:46 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-12 13:30:46 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-12 13:30:44 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-12 13:30:33 0 d-------- C:\Program Files\Ahead
2008-01-11 17:21:46 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Leadertech


-- Find3M Report ---------------------------------------------------------------

2008-01-25 16:18:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-13 15:46:58 0 d-------- C:\Program Files\Common Files
2008-01-13 15:41:30 0 d-------- C:\Program Files\Winamp
2008-01-13 10:45:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 08:05:54 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-13 08:03:19 0 d-------- C:\Program Files\CyberLink DVD Solution
2008-01-13 08:01:30 0 d-------- C:\Program Files\Common Files\Nikon
2008-01-12 10:28:50 0 d-------- C:\Program Files\Google
2008-01-11 17:23:48 0 d-------- C:\Program Files\Telstra
2008-01-11 17:22:22 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-19 22:48:55 0 d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [13/11/2002 05:34 PM C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="RUNDLL32.exe" [04/08/2004 05:56 PM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [11/11/2005 01:47 PM C:\WINDOWS\system32\nwiz.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [18/03/2004 09:33 AM]
"Logitech Utility"="Logi_MwX.Exe" [30/06/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30/09/2003 12:14 AM]
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe" [01/07/2005 02:59 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [06/09/2006 11:22 AM]
"NvMediaCenter"="RUNDLL32.exe" [04/08/2004 05:56 PM C:\WINDOWS\system32\rundll32.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"RegistryMechanic"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:56 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/03/2007 03:23 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/05/2007 06:20 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [12/03/2007 3:23:47 PM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2/08/2004 4:26:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e8fe86-812a-11dc-972b-00265410f3e6}]
Auto\command- recycled\SVCH0ST.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-01-25 17:17:52 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 1535.48 MiB / 1176.54 MiB
Pagefile Memory (total/avail): 2156.58 MiB / 1983.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.28 GiB total, 14.88 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 19.01 GiB total, 18.95 GiB free.
G: is CDROM (CDFS)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.28 GiB - C:

\\.\PHYSICALDRIVE1 - QUANTUM FIREBALLlct20 20 - 19.01 GiB - 1 partition
\PARTITION0 - Installable File System - 19.01 GiB - F:

\\.\PHYSICALDRIVE2 - SanDisk U3 Cruzer Micro USB Device - 3.81 GiB - 1 partition
\PARTITION0 - Unknown - 3.81 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SRN Micro\\SOLOCFG.EXE"="C:\\Program Files\\SRN Micro\\SOLOCFG.EXE:*:Enabled:Solo Scheduler"
"C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"="C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe:*:Enabled:ASUS Update"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\nathan.NAYFEN\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NAYFEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\nathan.NAYFEN
LOGONSERVER=\\NAYFEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Norton SystemWorks\Norton Ghost\";C:\Program Files\Boris FX, Inc.\Boris Continuum Complete 4.0
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=MINIMAL
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NATHAN~1.NAY\LOCALS~1\Temp
TMP=C:\DOCUME~1\NATHAN~1.NAY\LOCALS~1\Temp
USERDOMAIN=NAYFEN
USERNAME=nathan
USERPROFILE=C:\Documents and Settings\nathan.NAYFEN
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

nathan.NAYFEN (admin)
(admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Premiere 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ASUS Features --> "C:\Program Files\ASUS Features\ASUS Features.scr" /S /Uninstall
AsusUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigPond ADSL SIK 5.6 Files --> C:\Program Files\Telstra\sikuninst.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.78 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 6.2 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Audio Driver --> C:\WINDOWS\System32\nvuAudio.exe Uninstall C:\WINDOWS\System32\NvAudio.nvu,NVIDIA Audio Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nForce Utilities --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
NVIDIA Windows 2000/XP nForce Drivers --> rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
Prism Video Converter --> C:\Program Files\NCH Software\Prism\uninst.exe
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
ScanSoft PDF Professional 3.0 --> MsiExec.exe /I{826FBE05-4D09-401A-BF2D-DDA85F590688}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiSoftware Sandra Lite XII.SP1 --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\unins000.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec Network Driver Update --> MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Messenger 5.0 --> MsiExec.exe /I{4A432C6C-1E20-4266-95D1-5782349C6C62}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type31102 / Error
Event Submitted/Written: 01/25/2008 05:17:29 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type31101 / Error
Event Submitted/Written: 01/25/2008 05:17:26 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type31100 / Error
Event Submitted/Written: 01/25/2008 05:17:25 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type31099 / Error
Event Submitted/Written: 01/25/2008 05:17:25 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type31098 / Error
Event Submitted/Written: 01/25/2008 05:17:25 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type84727 / Error
Event Submitted/Written: 01/25/2008 05:12:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type84726 / Error
Event Submitted/Written: 01/25/2008 05:11:58 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type84725 / Error
Event Submitted/Written: 01/25/2008 05:06:53 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type84724 / Error
Event Submitted/Written: 01/25/2008 05:06:52 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type84723 / Error
Event Submitted/Written: 01/25/2008 05:03:52 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-01-25 17:17:52 ------------

#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 26 January 2008 - 12:46 PM

Hello nayfen,

There are some signs of another very nasty infection there. You will need to run some tools and post me back with reports so I can see if it is still present, or what I see is just registry leftover and we will see what next.

First we'll need to backup registry:

Start -> Run -> type: regedit -> press OK button. Then click on My Computer to highlight it, right click on it and select Export. Give it a name and press Save.
Save text below as fixme.reg on Notepad. Save it as All Files and save it on your Desktop.
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e8fe86-812a-11dc-972b-00265410f3e6}]
The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Locate fixme.reg on your Desktop and double-click on it. It should look like this -> Posted Image
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

(In case you are unsure how to create a reg file, take a look here with screenshots.)



Please download SWWhoAmI
make sure to download the tool at this location C:\ drive.

After that click Start > Run > type cmd press OK button.
In the window right after C:\> type swwhoami /listusers >iam.txt note the spaces.

Using Windows Explorer navigate to C:\iam.txt copy and paste the contents in this thread.

Next,

Download & run this tool - http://www.techsupportforum.com/sectools/CleanX-II.exe
Then post the log it produces
note: if post analysis still shows files reboot and run tool a second time.

Make sure that the security programs are running and connect to internet.

Go here to run an online scanner from ESET.
http://www.eset.eu/online-scanner
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.

Run also this tool:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Post back with the reports.

Regards,

Edited by SNOWHITE, 26 January 2008 - 01:05 PM.

SNOWHITE
Posted Image

#7 nayfen

nayfen
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 27 January 2008 - 06:41 AM

had trouble with the command promts. when typing C:\> swwhoami /listusers >iam.txt
My prompt had C:\Documents and Settings\nathan.NAYFEN> so when i typed the suggested text it came up with ' swwhoami' is not recognized as an internal or external command, operable program or batch file.

performed other tasks as listed

#######################################################################

Brontok Worm Removal Tool - (Version - 06.08.14)
by sUBs

#######################################################################

Current date: Sun 27/01/2008 Current time: 16:35:17.57

=== PRE RUN ANALYSIS ===================================

...............



=== POST RUN ANALYSIS ==================================



NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.

======================================================


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2824 (20080126)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=9129ba1ff8c0cc47a25a3e153bad9a03
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-27 08:27:06
# local_time=2008-01-27 06:27:06 (+1000, E. Australia Standard Time)
# country="Australia"
# osver=5.1.2600 NT Service Pack 2
# scanned=175353
# found=7
# scan_time=5343
C:\Documents and Settings\nathan.NAYFEN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-31122d2c-53865a21.zip Java/Exploit.Bytverify trojan CE7E4F367958F4A70C4BAF73D034C439
C:\Documents and Settings\nathan.NAYFEN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-31122d2c-53865a21.zip ZIP Dnnny.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\nathan.NAYFEN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-31122d2c-53865a21.zip ZIP Den.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\nathan.NAYFEN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-55ec6b27-239fbf2f.zip Java/TrojanDownloader.OpenStream.NAB trojan 09BCE5E1BB34F7535E41DFD8CDA38FD0
C:\Documents and Settings\nathan.NAYFEN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-55ec6b27-239fbf2f.zip ZIP OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000
C:\Documents and Settings\nathan.NAYFEN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-59071d60-1ce2fe41.zip Java/TrojanDownloader.OpenStream.NAB trojan 09BCE5E1BB34F7535E41DFD8CDA38FD0
C:\Documents and Settings\nathan.NAYFEN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-59071d60-1ce2fe41.zip ZIP OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000



MER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-27 21:17:16
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 8A32D758 ZwAlertResumeThread
SSDT 8A338F68 ZwAlertThread
SSDT 8A2BF460 ZwAllocateVirtualMemory
SSDT 8A288B48 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 8A105D48 ZwCreateMutant
SSDT 8A3BA200 ZwCreateProcess
SSDT 8A3BA188 ZwCreateProcessEx
SSDT 8A11C820 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 8A107960 ZwFreeVirtualMemory
SSDT 8A32A750 ZwImpersonateAnonymousToken
SSDT 8A32B390 ZwImpersonateThread
SSDT 8A1257C0 ZwMapViewOfSection
SSDT 8A339518 ZwOpenEvent
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 8A0499E8 ZwOpenProcessToken
SSDT 8A1071C0 ZwOpenThreadToken
SSDT 8A44BC60 ZwQueueApcThread
SSDT 8A44BAF8 ZwReadVirtualMemory
SSDT 8A3A22A0 ZwRenameKey
SSDT 8A167F30 ZwResumeThread
SSDT 8A32A910 ZwSetContextThread
SSDT 8A3BA368 ZwSetInformationKey
SSDT 8A107288 ZwSetInformationProcess
SSDT 8A106CB0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 8A330BF8 ZwSuspendProcess
SSDT 8A3A78A8 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 8A33AC28 ZwTerminateThread
SSDT 8A0B3A18 ZwUnmapViewOfSection
SSDT 8A107A38 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3080] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 8F, FF, C3, 83 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4060] ntdll.dll!KiUserExceptionDispatcher + 9 7C90EAF5 5 Bytes JMP 00016190 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000168D0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00017130 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 000168D0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4060] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 000170E0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4060] kernel32.dll!VirtualFree 7C809AE4 5 Bytes JMP 00017110 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A44B988
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A44BA80
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A44BA80
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A44B988
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A44B988
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A44BA80
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A44BA80
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A44B988
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A44BA80
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A44B988
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A44BA80
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A44BA80
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A44B988

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F78771DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F78771DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7877454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F78771DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F786AF4C] fltmgr.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 8A0F2F38
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 8A0F2E00
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 8A0F2C48
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 8A0F2AD8
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 8A0F2230
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 8A0EFFA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 8A0EF630
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 8A0EF560
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 8A0EF490
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 8A0EF348
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 8A0EF270
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 8A0EF138
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 8A0EEE10
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 8A0EED10
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 8A0EEAC0
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 8A0EE9B0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 8A0EC998
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 8A0D6EF0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 8A103650
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 8A103560
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 8A102F78
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 8A102EB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 8A102DC8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 8A102910
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 8A1027B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 8A102430
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 8A0FB8D0
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 8A0F8D80

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [B5E3F180] SYMTDI.SYS

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 8A0F2F38
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 8A0F2E00
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 8A0F2C48
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 8A0F2AD8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 8A0F2230
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 8A0EFFA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 8A0EF630
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 8A0EF560
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 8A0EF490
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 8A0EF348
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 8A0EF270
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 8A0EF138
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 8A0EEE10
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 8A0EED10
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 8A0EEAC0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 8A0EE9B0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 8A0EC998
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 8A0D6EF0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 8A103650
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 8A103560
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 8A102F78
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 8A102EB0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 8A102DC8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 8A102910
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 8A1027B8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 8A102430
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 8A0FB8D0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 8A0F8D80

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [B5E3F180] SYMTDI.SYS

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 8A0F2F38
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 8A0F2E00
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 8A0F2C48
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 8A0F2AD8
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 8A0F2230
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 8A0EFFA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 8A0EF630
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 8A0EF560
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 8A0EF490
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 8A0EF348
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 8A0EF270
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 8A0EF138
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 8A0EEE10
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 8A0EED10
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 8A0EEAC0
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 8A0EE9B0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 8A0EC998
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 8A0D6EF0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 8A103650
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 8A103560
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 8A102F78
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 8A102EB0
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 8A102DC8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 8A102910
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 8A1027B8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 8A102430
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 8A0FB8D0
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 8A0F8D80

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [B5E3F180] SYMTDI.SYS

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 8A0F2F38
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 8A0F2E00
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 8A0F2C48
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 8A0F2AD8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 8A0F2230
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 8A0EFFA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 8A0EF630
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 8A0EF560
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 8A0EF490
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 8A0EF348
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 8A0EF270
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 8A0EF138
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 8A0EEE10
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 8A0EED10
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 8A0EEAC0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 8A0EE9B0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 8A0EC998
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 8A0D6EF0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 8A103650
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 8A103560
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 8A102F78
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 8A102EB0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 8A102DC8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 8A102910
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 8A1027B8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 8A102430
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 8A0FB8D0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 8A0F8D80

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [B5E3F180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [B5E3F180] SYMTDI.SYS

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 8A0F2F38
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 8A0F2E00
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 8A0F2C48
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 8A0F2AD8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 8A0F2230
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 8A0EFFA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 8A0EF630
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 8A0EF560
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 8A0EF490
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 8A0EF348
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 8A0EF270
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 8A0EF138
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 8A0EEE10
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 8A0EED10
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 8A0EEAC0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 8A0EE9B0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 8A0EC998
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 8A0D6EF0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 8A103650
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 8A103560
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 8A102F78
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 8A102EB0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 8A102DC8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 8A102910
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 8A1027B8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 8A102430
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 8A0FB8D0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 8A0F8D80

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7639E40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F78771DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F78771DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7877454] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F78771DE] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F786AF4C] fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F786AF4C] fltmgr.sys

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EEC09F31-C08F-E7B0-FE30-28D87584BD7B}\InProcServer32@jaidlccciddnhlmpbead 0x6A 0x61 0x67 0x67 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EEC09F31-C08F-E7B0-FE30-28D87584BD7B}\InProcServer32@iaidjcedplknhpkebk 0x6A 0x61 0x67 0x67 ...

---- EOF - GMER 1.0.13 ----

#8 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 29 January 2008 - 03:12 PM

Hello nayfen,

Step #1

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.

Step #2

click Start > Run > type cmd press OK button.

Type this:

cd C:\

Press Enter, then type:

swwhoami /listusers >iam.txt

Press Enter

Using Windows Explorer navigate to C:\iam.txt copy and paste the contents in this thread.

Step #3

A guide and tutorial on using ComboFix can be found at the following link http://www.bleepingcomputer.com/combofix/how-to-use-combofix

1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Download combofix from one of these links:
Link1
Link2
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note:
Combofix should never take more that 20 minutes including the reboot if malware is detected.

If it does, open task-manager > use the processes tab (press ctrl alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.
Post back with the content of iam.txt, combofix report and new HijackThis report.


Regards,
SNOWHITE
Posted Image

#9 nayfen

nayfen
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 30 January 2008 - 06:01 AM

snowhite
thankyou for your hard work thus far :thumbsup:

I could not find the icon in the control panel for java. i spoke to the previous owner who said they deleated some programs believing they may have been a source for infection. I am not certain how thorough this process was completed. I downloaded the latest java runtime and cleared the cache, thinking this may link the old version and clear any previous cache at the same time.

Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
| Guest
| HelpAssistant (Disabled)
Yes | nathan
| SUPPORT_388945a0 (Disabled)


ComboFix 08-01-30.1 - nathan 2008-01-30 14:36:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1051 [GMT 10:00]
Running from: C:\Documents and Settings\nathan.NAYFEN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\nathan.NAYFEN\Application Data\Install.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-30 14:33 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-30 14:33 . 2007-10-23 15:18 211 --a------ C:\Boot.bak
2008-01-30 13:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-30 13:40 . 2008-01-30 13:42 <DIR> d-------- C:\Program Files\Java
2008-01-30 13:40 . 2008-01-30 13:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-27 16:50 . 2008-01-27 16:54 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-27 16:14 . 2008-01-27 16:14 66,048 --a------ C:\swwhoami.exe
2008-01-25 17:14 . 2008-01-25 17:14 <DIR> d-------- C:\Deckard
2008-01-25 16:10 . 2008-01-25 16:10 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2008-01-22 19:23 . 2008-01-22 19:47 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-14 12:23 . 2008-01-27 20:59 250 --a------ C:\WINDOWS\gmer.ini
2008-01-13 21:44 . 2008-01-13 21:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 20:29 . 2008-01-13 20:29 23 --a------ C:\WINDOWS\ZDPLUSSEARCH.INI
2008-01-13 19:55 . 2008-01-13 19:55 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2008-01-13 19:54 . 2008-01-13 19:54 <DIR> d-------- C:\Program Files\Webroot
2008-01-13 19:54 . 2008-01-13 19:54 <DIR> d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Webroot
2008-01-13 19:54 . 2008-01-13 19:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-01-13 19:54 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-13 19:54 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-13 19:54 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-13 19:54 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-13 19:54 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-13 19:53 . 2008-01-22 19:08 164 --a------ C:\install.dat
2008-01-13 16:43 . 2008-01-13 16:43 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-13 15:54 . 2008-01-13 16:13 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-13 15:54 . 2008-01-13 16:13 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-13 15:47 . 2008-01-13 15:53 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-13 14:56 . 2008-01-13 14:56 262,144 --a------ C:\ntuser.dat
2008-01-13 14:53 . 2008-01-13 14:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-13 14:27 . 2006-10-05 00:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-13 14:26 . 2008-01-13 15:51 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-13 14:22 . 2008-01-13 14:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-13 14:22 . 2008-01-13 16:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-13 11:41 . 2008-01-13 11:42 <DIR> d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\JimbobSoft
2008-01-13 10:05 . 2008-01-13 10:05 <DIR> d-------- C:\Program Files\SiSoftware
2008-01-13 08:57 . 2008-01-13 08:57 <DIR> d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Grisoft
2008-01-13 08:57 . 2008-01-13 08:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-13 08:57 . 2007-05-30 22:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 08:14 . 2008-01-13 08:14 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-01-13 07:50 . 2008-01-13 07:50 <DIR> d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\U3
2008-01-12 15:53 . 2008-01-12 15:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-01-12 15:53 . 2008-01-12 15:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2008-01-12 15:52 . 2008-01-12 16:02 <DIR> d-------- C:\Program Files\NCH Software
2008-01-12 15:51 . 2008-01-13 07:57 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-01-12 15:51 . 2008-01-13 07:57 <DIR> d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\NCH Swift Sound
2008-01-12 13:33 . 2008-01-12 13:33 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-12 13:30 . 2008-01-12 13:31 <DIR> d-------- C:\Program Files\Ahead
2008-01-12 13:30 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-12 13:30 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-12 13:30 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-12 13:30 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-01-12 13:30 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-12 13:30 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-12 13:30 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-11 17:21 . 2008-01-11 17:21 <DIR> d-------- C:\Documents and Settings\nathan.NAYFEN\Application Data\Leadertech
2008-01-11 16:55 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-11 16:55 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-11 16:54 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-11 16:54 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-20 16:40 . 2007-12-20 16:44 <DIR> d-------- C:\NewPCBackup
2007-12-09 09:35 . 2007-12-09 09:35 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 03:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-25 06:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-13 06:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-01-13 05:41 --------- d-----w C:\Program Files\Winamp
2008-01-13 00:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 22:05 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-12 22:03 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-01-12 22:01 --------- d-----w C:\Program Files\Common Files\Nikon
2008-01-12 00:28 --------- d-----w C:\Program Files\Google
2008-01-11 07:23 --------- d-----w C:\Program Files\Telstra
2008-01-11 07:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 07:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 07:39 230,912 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 07:37 2,109,440 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-10-15 00:35 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-24 04:28 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2003-12-19 10:36 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2003-03-31 12:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 -csh--w C:\WINDOWS\twain_32.dll
2003-10-26 06:03 32 -csha-w C:\WINDOWS\{B1D35536-C803-492D-BEAD-59C4385FB196}.dat
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 -csh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
2003-10-26 06:03 32 -csha-w C:\WINDOWS\system32\{0F6D56D5-F671-4BA4-9495-4512618E9D7C}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 15:23 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 17:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-11-11 13:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-06-30 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe" [2005-07-01 02:59 106496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 11:22 26248]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 17:56 33280 C:\WINDOWS\system32\rundll32.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"RegistryMechanic"="" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-03 09:36 100032]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-05-04 14:45 78848]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-12 15:23:47 67128]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-02 16:26:35 155648]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-21 18:20 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 01:07]
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-10-16 12:57]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys []
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys []
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys []
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys []
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 00:15:01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - nathan.job"
- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exep/TASK:
"2008-01-22 09:03:23 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 14:38:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 14:39:49
ComboFix-quarantined-files.txt 2008-01-30 04:39:25
.
2008-01-30 03:36:14 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:19 PM, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134977661250
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9420 bytes

#10 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 01 February 2008 - 05:17 PM

Hello nayfen,

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\muzika.xm <-- Delete this file its a leftover of an older infection.

Close Windows Explorer.

Looks good. How is the computer running?

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


Post back with Kaspersky scan report new HijackThis log and let me know hows the computer running.

Regards,
SNOWHITE
Posted Image

#11 nayfen

nayfen
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 02 February 2008 - 07:27 PM

there is a noticable difference in how the computer is running. the cpu dose not spike and and spend prolong periods of time at 100%. I did however run spy sweeper again after deleting trhe trace and running kaspersky and it is still bringing up linkoptimizer and can not quarantine it.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 03, 2008 9:49:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545785
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 60938
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:30:17

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\NATHAN~1.NAY\LOCALS~1\Temp\PXR1B.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\NATHAN~1.NAY\LOCALS~1\Temp\PXR3F.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\NATHAN~1.NAY\LOCALS~1\Temp\PXR6A.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\NATHAN~1.NAY\LOCALS~1\Temp\PXR79.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\NATHAN~1.NAY\LOCALS~1\Temp\PXR7F.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\004bf1f334dab56e7d9407b105538833_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\005eccdd878e9418a3d93014a7811268_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\007097dc2416b6c4b84638189111e5ad_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\00dc18f4bcc5a44757911d082188e452_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\012ded1bfbca721d10efed4048e100a5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\01d11fc40169f5f763eda2123a3f67f3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\024d4d9f1949609e0838209698e92153_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\026d82d79b34d75359542b09454252c0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\027963dd95b4b49e23e4b7372801215f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0280575bce0888f2c467ad4d437ea672_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0348d9842b3d03fa7a8a881f3e51340b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\037b08655a268985d5db034777da0528_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\03b9f79e7981b1fbf040cdc0794e636d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\03ca659d876aa31b6a92180fa24841d1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\03cd49ce2450b417581eb512f768330a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\048fa5f33e899fe6c837da2a83f9e286_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\04cb45ae3789bef90820fbc1328a86ac_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0551249ce16b1b606049af2cad1f9499_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\05b893070578cf52161d93b0bd00d45b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\05cfd2c81ce71b990ce3b2ed8f90f615_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\05d1e4cc83684cbc3d24bbe0734c09e0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\05dd3ed87daa332d6ddaaeab4ac8f18f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\060c0de5d95fd0be3accaf67a03e71b0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\078a95ea29fdac0d85614ed85de373da_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\07b3bf220baff3451ab7e8f2b2e624f7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\089df132d690afb2a1babfdefb3f4492_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\08dfc2afa29eb6c1f054f3e3fdcf3f21_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0968bd2fb6f5ab9085f8d32edef922f8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\09b9c00ad53ac30421fa4f6cf01d8361_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\09e8c7cff6508202f8309c60e461530e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a54e3777a60ebb806d8b43ada64dfaa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a7bd46340e4e2e5ea5653717040428c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ae76c6658ef44e9f700f8234c7d6481_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b43e6aa5b5a5841a9face01e4bc3c4d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b72de1da7095fcd4fa40c58581aa539_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0bd548ae7541e0d3a39793d078c4ccc4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0be2e019ff353ae986fac2d46d27fc3c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c576106fbf1857d85c0b7806dc51a51_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ca3df7b3159811bbabb9f0588f66ec4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ce8984049618e066d70864ccc445d50_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d360f5e92367bc7d0580325a9f02564_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d77c1463ea37491d78c2a76c332e44c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d82a1b24b1263669db68a857e6ea30a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d92f677e8cbae0ef20860ebd4b6bfec_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0db780b6ba8dfa9884e4461cfa8de109_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e04a9781b30d38963cb6d5847b32cf2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e709a62eeb855a5628b3309c7d29c42_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ef84c2c7b836810ea6af4b8f89151cd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0efadb754eb0190014ec65d3cf4451f4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f0e2fed56f2fd3139c04cae92ab4ce3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f75c733fa2a9c56c7ca7ba5d3937127_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fcba7fc6e64160d2186ceb767358827_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\102d84053ed85acf5b03ff2a689476c2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\10425420bcc066f5d16d4a73c9d155d8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\105deb3c898cd5d2327e24fc73d6d786_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\10c177a5ba161cf21f07efec80494de1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\114f9d7b78b7cca62aa4c6cd324ef368_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\118ac8cd4ac81fb2b85471635bd8ed7c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\11aa89dd8cac4294586d6f7b8dc74d6f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\12063c97f7d236329ae49fa86d131e8d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1273f92fdf386a47c2fa941c19659fbb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\12891e51f702acc148d9ddce681d270e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1327fdb8ff81e74c3fd41cb881500663_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\142839c52fe2edc42d5c88f4c1c7c3b2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\144427cb21f2f69066431f8901ea562e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1490d919cbf9b10082b5a2498a9efc00_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\14ae7d53cdd934161fd181183a9f68ed_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\14d84db4333051d4728bfb108dc66b4a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\14dd50d73a8117a5e0645db632038a2f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\14fbfe0efa40330214b8fa8367589bbf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\15e147586e59c7db19fc2e02c0df4dff_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\160c767466497c55beb42fe37229dbe9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1690bd0ef632c928317cd29c7835ba86_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\16fffa8614dec072aa67bd677f0f4955_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1710622d4c81aac505a91ef08f5dc3bc_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\17bf23c3171f5925a476e9b17cc88d22_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\18e2a944f6f6fde1c18c7ac9207475af_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1987903c25202dfe535221314a6a898c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\198aaa6589793705a34c384fc6c968cf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1993a216ca98cf4e3ff4b244583f054b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a741a12e384a270052394575e48a7d5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a842b149d702a20636ca3bb30e43e45_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ad67a77a91d40773ba907ecf6d1b224_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b198c6f99152524822f410fd21eea87_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b5a4d584f5fab256e43bf50cd874d7b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b7854fb846225c7e032a0c22ed75824_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1baf3b3cdd7d8c3acd1c3ad645625049_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c54c52236dc4a9dc9766fed59f2f009_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c5cbf5fe011be90da2f8b8ffc2c89b7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c841425b9235535e30b1d661fd5e633_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d2639f098989ef84d99ef672ccbbdd1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1dfcdbae72277d49cd4715818937a102_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e2d3e2932e3f040e3b6a3c430bd7b5a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e2e7063b382ce049b10c868bb20e981_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f1c52b0b9e19fc583cc9a880b9aaee5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f243efd12962eeb2c421a43e18d57d6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f2f2442985f9af0d9ac815c1472d141_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f5ff4d55cfdf369d5e491624cd773a0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f7bea282ef085df429db786ba7c181b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\202a09d1f3e77c933cf24734a9cf4344_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\20365529852123445931db096bf28efb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\20483c3807396ab30096132ff6b5490a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\208c3cfd86741d2b9473fa7698873d07_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\20d21a8cb7d1cd18b900491099bcb5c9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\20fa0539b43b92fef5218f19bd5f7db3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2172f8dedad216f5e2b13c8902d8a19b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\21b531d68a430f5498aa436aa6a7f4fa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\21e652dbc40a8556686b8d0d72c5d613_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\220399f93c8656f183cac8ee6ff49903_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\22cda94be4714d93efa2de1190548a18_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\23a7992fc8bdac0c8b9a2be5c22be508_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\240e130a7ab45d567fd3c242d217b884_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\24972f7a82f3e098ac3a72ef4c6e129d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\25ee5842f2a14052e77320404b36e93b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2698605b223549deceda16e7857e2cf5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\26aef0778364abf131d43ad031e91db8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\27245b3520f14ee9194cc0e5fe7d0262_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\27e441ff455ca5a75249fef3429cfd47_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\289d60a378e4c77d694a06c1c5cecdcb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\29bae3603ae766acdef38268e7fc0d03_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a2d134fed5d4325ddf928b29e1efe66_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a95b138e57a0c435eb6ad1846829e88_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b3bfc93ba63b1f83745b90108bd8a79_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2cc1a5625be637f5d8527abeb0c76faa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ce7f2de005034a0016440feb79f88e2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d7cbd952bc474a22f5a2c9310c7d00c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2db9de09890c2f4a3ac41ce16d94272c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e32b801fea71cbb0b2a3e720fcd87a7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e8df5ab1c55e39ce958a8d94d84d05f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e918b07173f157f066e49784d273cc4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2efa75fda25c32194889325043c6c635_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f68d1c4a7a26ac347683f4b746f2817_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f8f1c87f745d669af7459fa034fe5ea_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2fb64493f5099b3dcca7fa2c661cac02_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ffa9f986a180d1faec951b3acb1530b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3013e3f85b73c7559726bce80af48df4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\306ab5c874c7b4832dca750f0a8c37ac_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\30b2ed0260151864b6a5b29f9d7a9f79_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\30cd3e51af6ebe2a7d558337624a5640_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\30f199343489175d3b614d5a48ea744e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3121bc807304f5c06c8061fbf275884e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\315a86d82fb29a05e7d7412f4ba02a6a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\31bcfe716b27a23e0ea8dd1ae56259fa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\32b1d78692271ee48d3865b5f8178a1a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\32c8d1c5ffade6eab63b0b3c2b4b57ed_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\32cbd833342bdd8e31268dd8d5fe0a00_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\33095fcff6bb8356be665a346ff97e74_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3340dbdf61ea5bfdd0685a719925d1a1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\339a6e529905d697154f2a071cd6cf8b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\34bf5e205336f6565876cbbbbfd2dd60_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\35186ad4208c6d10b54d497532a342c7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\356aa7d2ea0e5ec24d8fb3713b46f622_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\361f205be3f139e240666f21ec0dd3ba_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\365db829681c4bd4de578d9881f7caa7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3680bb7529946f14227572405251a9c3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\36922c00829410f476d638f1ae4aa161_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3725572712bc80221f2d4a9dfc073b84_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\374bf90ebdb09ce1077fc73e6a284adb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\377086e04e28e3ad5f9fe1481e3656d0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3790788e98ebfd011c59480e49037536_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\37ac7d28275d6f4c01410b872d1ecd11_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3811edbacf501e014b0daec190e14f4b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\388d2866232f58710d7916a20be4098b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3904e61369d46e1cebdd8c77b9e6d100_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\392f2d9dafffcfca59a5d9adedac1d56_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a802438d1f0591a4162574ca7567a02_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad01f46987a79b19de1405c3e60abc6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ae49582bc5f52ff232eb91c987bed08_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3afb451b318ef9fe242d31728ca3405a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b29b3dfefd3c0f0efb19f60ef4bad4c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b59e7401aa2c8c07b79c0a58dc87f84_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c32917270f4f49248a787b36d90f975_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c4305cac876ec552ac903cfd8d0ea59_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cb4af9952a9f2fb9a305f3249e99388_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ce85541aedc6f74d24aa0bcc26e2c99_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d1588f6a2b48f4c25c7791d10dee47b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d916e888822cdc485756b49f852fd6b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e5a4522412e96a6e3c43dbb6a7296cf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e5b760234a57cb7902bd14ad151d371_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e6008fd5586ba6fa81018d9533c4816_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e8e95d33f90ea5e7861d29c425cfa30_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fd262fc9b3f6ee24ce3800e96fa6ca2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\40bad86099ec21a08ae85bbe65d09434_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4129afc15b55f08e857d2bdf1def2398_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4177e9a5c1bcb7277664d2dca40d9801_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\42094356be81bb2d0356660d1a5238b6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\42e9db5dd332c5a16bd2beaf89aff445_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4469e40f7913f209b4f5507e6265fbe0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\448bfcaffb5319382a7edd7686eb790e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\44bc7d935de4ee8f2c77719536967dd1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\44e06e8cef3e56be0106616a2838e62f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\45164a1a02f7858659aac02f71e73217_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\454301b3fc2eef2e8d7dc67b5f740d2d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\455980181366fd458b9dd3d1d9ee018a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\45c92cda612b5bc5a5f85eda8ca024d0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\469d916e8d8a4d3f99bf101920674f24_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\46b65a2d79ea8b9e46b36ec820c0564a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\46c4650a4b85c0accc2a08800454a0f9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\46f4ea96af775915da604a363b9b6558_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4774ce406dc26507cded493bcc21357f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\47b9ae0a35e6b0d2b5e24829dc3a0d82_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\484969eb441e0d48fa3601264165c322_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\485fa06738497c2fb7662d9eaa923dea_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\486e98588a45c48c22734e962722a2cd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\487e3bcd8a4c1d0cbb9ea9e604635285_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\488b3ca25640119fd03c5d9307295424_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\48dd1ebdd0c72d82284313a51b5080f7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\48de1d2c01cc690aae51747f16384178_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4970fed5b06886f10027e94a9aa48c72_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\49ac504b683d1689ea79562c40939189_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\49b1b73f16c8c7804fbc7681c5cb39fc_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\49c880a8baa5ee77ac23c5930acb74c0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a3b7cb46758099875f04c17afae6352_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a73958cd73be23682c8b0d6c6739f2f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4bcc3eb93d7e70d2d6de696750b255c1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c2ad5f64a6f03ef0f2a9db2f8636772_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c2e8f475fb65cedfea4c7d4ad67b7cd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4cc0b4a82e8618aead7bd9de4104f3b0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d1b3288bb86f46d58261c3d02152592_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4dbc3c185942eee5259391f646c83a66_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e09d717feb9e4db005d5d3df152c323_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e1e6eb72c1d915f4f643f58aa62fe7a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f24d2cb8703de807319171e97669c14_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f28712e31ecbde51cfb2b32dd848cd4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f68b36cfe8e6ca2e77aabe9a956b2a5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f86005e09e0659cc1bb6c2553d38a60_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\4fdfdaa9fca5e068f7d7e864245e26bc_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\500e2a21d634bac839acf9eb1865c398_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5037ba75a6c599f263f6521d339b0610_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\504a29937c719d21c7f432242926f275_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\504ae34ad5f9fd720786489ff05cce26_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\506182d43de84a3fab8bc1dea0c4c349_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\50e82421ca3aa9c3a216b7da6fb26a90_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5153e5c360b7daceec7a7531da45978d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\51b6afe895a35715390f3311af2adad6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\51dd34d2d01a5b81441bc27aa2cf76f1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\51e8ce355087055fb58dd4dbe07aa98e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\52b842f1e12ce5348f376224a8ba5c91_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\52ce0cca73d9ab436dbc63523b5be950_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\533d00431d878ff97c4698c4ea5e6347_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\538293ec68b665187648a4d6478559d7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\53c6ac8245edc88af1d846a54c6d6547_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\542ca2efd4b82b575989a2898648824a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\547c18a099758e442624c129fb077416_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\54d0825694b93d55a8d9708fa4fc7541_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\54d29839f3777ec4f12955373bf251f2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\54f5eef18992edeb56b0e51a373815b6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\555b696edef29ca0ac2c64101c7a29c4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5562fbc08259ddc8e8c07ed2e1c6f2b6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\55637f3ad2491f4dab3779ba7d24f75b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\55fa1e566d8651888a7ab7c5fdee7db4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\56052a4c641eb6c5198488ab129a6c08_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\565932ce532f7c79196faf974dd07005_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\56e8683dd055e9144e767e675a8df746_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\57bf178255f9dcf47b883a32cbfbd071_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\57ef9d285d3f866ec43dbb93940037b6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\583e1a22ea05371e40e4086338e75f8d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\58e260563150ffba3b66c129d9e6a2a1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\598bd12cb37e49149431352d75c2ff08_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\599cfb95240c8b98c8ea209c258f12c2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\59fc1c38f78e72b91bce9143c7af15b0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ab52dd1e9833659245305f8578a522b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b4dfa6192c28a5ab1da7f80664e85cf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5b5c60203d23f5b68cad125a42cf2b72_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5bea6998244a17d7f2378b9ac98b7ba8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cca77a790bae9cd98ecc8edf8714be7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5dc7e9a53f4f7f1801f6d12101bf0225_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5dff5f0312a134a645507b8e55ad5ce6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ea5193c2a4d4e6346b6df7690678d84_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ea98c981d030f4101b3e82bb109fe4e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ebe2cfd848f5d6cba5363334f36174f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ed6dba70092c4cba305db1f2e7e0d98_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5fd19b81a0a02f7fa8914c5183c1790f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\5fdfb1694b336fa8ad9ae4ba2d83d21a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\60293824feed78d977ec4207cf0fb154_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\606b0abb91b231f322e8bd121606d199_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\608b77aae9c35b77e550f537d4a170f9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\60af22d929d70a338baf3079463a1558_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\61994a0c03c2ba00f4e51f34c9a1af44_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\623818697a3ce9eeb938e0380bda840b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6238409d6a9cae66ffe1429aba3f9067_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\631dc529a7664f40c00d8b62d0547525_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\632ac4a86b2646b4f7ada6d2e98093e1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\641204364b314028122d9666ea17b4b1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\64455638a084d9b8d2070c5369514b9b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\644696f05ebd8419d786c9afdf12f065_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\646942c648029e11092307bc5d077f34_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\652567b0ca8a9b7e8b7a5bb058842710_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6570111345e9759b479e8a7fc018673d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6606c635f9c3af7cd195b9647aaf670e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\66734869b4030f56973ae3946fa1db28_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\670125de549dfa45c253798e62dbee18_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\671b2f4d49ebdded154f840c91bbb9d0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6798c6e83bc2bdf4a94194bd3051e837_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\67f1b671f4909174e642b36e04f85af8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\691ce0d2483edcffc7600902ff8004c9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\696941a7d123771bddddb4f160c3453b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\698e2bcc8316ef5b8b0878052998ee03_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a201924a4a669c82cd3a4ba98fa8c4b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ac05ae8129c75bb94431314e8ca470a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b45f82b6022482dd2dbc89f5986971c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b4a4a889efe33b36a40f00d9dfcd256_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6bb60032520c338a89edb9457717931b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6bff92d3291a268672e845a51292d9e8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c2d2c3139c8838196694c5f9b7d7a7b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c38e85fbc321fd2bd62d97efebf3b56_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6cb2b1993a0173038852e9859c5fa0a2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e37b72d272230ade1de1273bf4108a9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e3bbb7105097873865488d0c053d6dc_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ef3c43645e1ac91a64a5f4a8baef6ec_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f1967d5789557190bdc5e7465af0b04_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ff62f62687a7624be501f3a6bd155bd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\70077b2f2aa21e9356f7d5dcce5838ee_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\70a7eb686c519a1aa668e1754d708ce7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\70e960652c90a7c2ca6df0a4be100a5f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\70ff86697c369966412fd3ce76a59e7f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7143ecf5e77ea9db1b93d9cf0545849d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\714c9aa282c1557b2fed9095bb2f26bf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\717b72c4e95aab72e5ce6d4cd121a442_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\71df62d60d5d3030b8d54aaa4ceb333b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\72063d1d588596e40ff48c6ac6731a54_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7270fb5c6280118fcf09f32ecde40947_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\72cc8868d99adec04ddd5a12542c881d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\72ff2521117bec7be0ce72d096240496_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\732785ff68f2c3783c08fadd750ff1e0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\734bf99b1648b38e881f976188afded7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\740f3427b3718ebbf9696aece84d505a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\742a61e0efed204c1669ce7d9cdbfa2a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\743708c481f45d7774b55df430c2c85e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\74671db6fff817c77c46a09a16b65afd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\74787929dbb0c9a5879044048ebf05b9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\75ee0fd3712a763bed39113c68403ff5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7672582ce38941e790aad5d2d5053e96_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\767993f1e1be9e6f68270fe29dd14391_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7683a3cea019fc0fae64f71b111acebf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\76b9fbc1f4b1fff110762759d26bb855_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\76c1928356e36c1657d1a3375cb4ca26_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\76ccec1f3bb3afacf2777b9fc64cc16c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\76e4769b877c3906d6618eddf0d004f7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\778f45dcef36c13e5451f18c2c5519dd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\77b084a2e1f763c07bf731301dc94b98_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\77b2b9fdbe9492a13aa3620938b91444_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\77f288ee89ba38e024a34d72a6a8e069_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7811ae7089577248d940fd1e5fa10b0d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7862efdf76f0f3e01a43a9dd45eee9ec_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\78c8a81b6b003b0d202ff67491c67f95_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\79f46436e40d502443497b4918e1152f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a395c15a26d06d93d93db7e323a253f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7a708867122579bda4120048828fafca_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7aca8e57a720945b0576451a1855c458_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b49b6b8bd27c45bc133e388348c3d26_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d586b188484f7233e36b554487c6f62_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d58a1394693f569d0fab231b988f7ac_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d9334029bef5eab56907899626fbe38_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e0fc31fa4e9dbd02bd7f46c7e65d917_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e666cf467b8f2825fb2b616459c62d5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ebe3b48281597a2f107eb03d7ad1868_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f2e118ddd91a5d67b0465dd0a4a3990_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fbc8bf0e64a89f1156387275c4ff468_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8006ec6998b33bfe791b985dcccfb810_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\801a17fe9cedefeb5993cc7f54bca7bb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\81a9c5f890aa7d0328d81c46e920e5d8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\81b44d12a003cb1cd851f0d40532083e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8232e2174e3b07fdb10ad099bcb86cdc_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\828d3bc799dd5e2820605ce180cd328a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\82c52c3cbbc272204a0bea61c1b5c5b0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\82d9a8a0fab906e225743d2af2bd920d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\845251450fc68c9e36766a246e7d6e9b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\85d5822ce151792e6a327de614a705fa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\85d9b450412e2ee37ebfdc47324e54cf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8608afa81694f60d94cbb9d956687503_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\86138b1fb6e97fd49ce7bf343b8f7936_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8616cb23736771fc44c79d3890665f55_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\86c507d32f7e78e68ad3a1a1beb5fa96_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\86f3c417b475c94c3bf6cfbe9fe22916_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8795ad7027e2ff69cbc0ef15d13a5eb8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\884715c75fa71ab8f61a0fee9b82ab18_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\889d8e8ccd5c656340d9fa5b16e42f18_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\88cf24ed603631216d14befc1518b2c9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\89384b94096a19780b4c8337c16578b2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a551577d6a9d70cd591419aec170caa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a5708d48d4173278115198f4b81e021_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a58de1642ca531d289d4497fd7bde4c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ac3e5d76e795ee066bf4f061f92acb1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8af848bc5a101854f912a32b9f7f6a3b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8afcd61896b2002593f50f24b92b2e43_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b16f817d3deddaa6528dd236f064a5f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bbe3355a911125933166451daba97ef_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bd73869266f12d57540bf602f8bf0b4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d589514c8d9b4f106ffb51d8538e4f5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e898634eedfe8d8ebe5c173e080feea_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8eb205b0356845883254fe1280241c75_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\90041712f2b75266303fdf7fd051cedd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\906f41f0614341ceafa350d8ec9aa165_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9071e86cf56031695239c4dc05fd05aa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\90801c0b8eb1194f619730a9cf62c853_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\90c2b21ab9cb5a1cc7b2676dfe112a00_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\90cf20ec3b2a882841b4265cf1419b3f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\90db842e3a2c9b1748028498b164571b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\90f1c35491dca2bb0eabb46a802ab670_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\91dab1d671a0e2038c13ee4553d6a901_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\921cc71be3cf782e8c9bbb8b322d4bb6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\926a013053f7b34b08fcf5d9d839bdf0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\92c416c4ed3524c2f2c8a7095edaff2c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9373222c7ec9073a427ef0df6105b41a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\944385841a26c9d84a732f504f20a146_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\947b8e5481ab6a3a9b4fd605ff0fbf02_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9564cf07e21628c0be21a9c6486b8afd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\962eb4667aa7cf6c1041dfab5e1b300c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\964e489c75818c0a44556b65146282f0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9667f3a79ffe0948b41760609e122010_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\96a9e3e802add05f4df2d4c14697bd73_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\96ca4e47073cf645add72e85c912ea34_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\975e0244acb7e74dfda566be12e745a0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\976df504c28af23a30234f15180d0097_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\97b88f7d955bde69f83f8002f97a0d3a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\984a158225e968f759898521a290430a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9866401d3ece2f8fdf34575917c92c85_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\98bb168ca214a3e5084c1c3416e3e28d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\99b6d1119cdfd60907acc106f7bc0a99_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a3822681b8f6edb498f729ccf4e1cfc_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a926a51518380a5f572c778a2f718ee_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9adcf2898904487d47e7e56e039d871d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c2f08e3a1c8b53fd9a67cd61e0415b1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c9f8f8662fefd6bd939a7aca47cf984_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ceaaf05f8541bf703787de525465401_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d64db63fe932c68c76ac723fe8c04e2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e8da65b5f29b7825977f2504bffa4e4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e9872ce9f009b6f7648b3bf01226516_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f1793dbb09586d2a3f4aff3daafd068_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f54919d69ff3323401312a6e8e649d5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f56011593d573a7f6e4bb5d42238af2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9fa7fc293efa732b4bb6767f819fd773_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0064b961c5afce42a07bd1d948c45ab_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a013020939fb4ae2fd862b208a8f465e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0743c984786bdf65ebf039edc9119d5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0fa4c7d594381c75b5cc72a2cc1acc7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a11e671e3387c57b3389135b95498b60_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1c51d3ff238b7830e921d599c11e692_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1f52b7ebc9ef69c0e35bd9c0dd7084a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a20ceb080e93749707e284a3640d4069_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2384e04c2b553d31ed60cde868b0f79_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a25a45f4ed02558f52d2040e43824df8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a28540458b547adfeafb3a0ae024cf13_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2e42c07f8e8a2de5429b307cabc0280_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2fc1b8ff1a825fb0d0ed5a9d7c0d9f5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3d7f6dc7c28e88ec36870aacf224e79_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a470c3ba77ad5380b23a11c801f7ba7c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4c39b7217cd56708d0fa5f049035b95_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5a6c8995b4643d2d3ef6ebed0237fe3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5ea97a0a68ff51aec473fdd7ef85c8b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a61482306f0ae5dcc52fe697709712b9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a62241e223186b89a3698c33719b7b2c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a62e09d07cd835b8c303567efab19e77_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6c0ae21157ebe0471fccb371b6509f3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6cdcd93583194f21074569289423c68_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a79c1b2006e65a9cb7128999e8f690fe_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7ed5f4844b52cd1c286c70c1018b700_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7f22081fc68282ea6d9de8819c2efd9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a881db13dbeffc0be0bc1e30988f224c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8835e160f9f93811a5c751c46b7fbf6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8a1a04c92f5146712f6cc429518db0f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8fb7886f025d16bbc290f945bc192bf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a94872cd61b3265b7244d36e7902ea97_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9a1eda1e27a2da11bc3df61a66c9127_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9f9e031cd826d67cd873e08b8911774_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa2a4ea2435c879fbbd44c47ce7c8777_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aacf87f90be8f9829e0d9f4f6cf2b516_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aaddcf6ca9bb0adfbb7ce72ed31f8f0b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aaf3d0753c690c19019e2acbc5d8137d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aaf7d855048d1af5cfc2345673bf2e99_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac61a7692c24ed15a07e5539fe977b32_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac6d791a0dd22a26baaec01ecbd93c65_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad4afa96dbe97c452381d276877d67b7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad558d62741f5ac83f37abf544d684ae_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ada5cdc6e36753834e2d97e88e5db8fd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae044eb32c73d9214e02d5999eb49d3b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae1c910143ef3f0d0b6502ec7ac33ee9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae78b223dae435c0ca96cb2665233a4d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae857af39e84f98fb7e14f806b42ade8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aec24d32a21bf724b522a20d2dc47fac_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\af383f5faa892b9f18f7731ef003bcaf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\af9e725f82935962e449891c5b798a66_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\afca3c9fa780d209782ff5b47677fc38_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\affa6cf6db665d0cd28c2a58c41044ab_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b07fa5e6bc9a0bbb947f36488c929d3f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0960539ea9bc7032e468f9e60d9a113_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0ea08d953f1a2fa55d4ad981fc75a58_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b13ab72f3d28d039ee11a1e1186a8afb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b231806f160b98eb028e1032cfe042d3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2738e50b2561d6340f63e6f384d53d4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b280c5eb43ab885c1782eca9e75a79ee_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3514a830004a72685982b1e4a315a18_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b365f4925ceeb0d0202fe16bf15337f5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3718161c0ed522f9e441ddce3c250aa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b39f5b627fcff04d5736e2f95554b685_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4981af8f7fc7ca55a3a0157fe13fe4d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b498abdad9715ebc443c64b0475eb405_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4c595e390118235a2ae6148784dcebf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4d7902f51448d51d7fc41b2e65b4550_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b4ff94e14b229bd864dfb84a10757821_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b50d2615d20f33b19ce3b6371436be66_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b548f925bdd03f6c805ff0aab860b6c8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b56419417c9326e564e1efb39a06a532_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5e04c11cb9cf85ae0bb531844802ad6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b67064de1153880ffa03b6d0bb3d3006_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b69e26318c23b5d35baa33daf92db52e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b754bdc0acab061a5fcf5cde16e93216_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7a61f90affef84c3602c2836dff504e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7fbbab1031c9f066d576c5dcbaa4fae_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b81b30ca8b9f4da72dbb6a8f7b85c4b1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b878ffc307ea9bc3ef0852382ce4fbee_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8e4d5561f4dcd11f47d7afbefe134c5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8e9bf4b5d4958186583b264fb880489_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b944a1337624ecf386823698000a946b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9a43af3661d0a268032c67c7fc4c945_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\baca77096a8439b0ac7d4db14e20940f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb3711a578fc26c15617f20f5585b2cc_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bbaf98a57acabd3175abd0557fb6cd29_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc0d727332d8f7d5a957458c3257fe3d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc8b4f3356b68a8a99281896a0f150c7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcb0dbac19dff0bc174d34d17ed7cbc8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd25cd4fcfacc37d5b61c7ec9e4d2883_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd805f1130581d6f41abca3e8d629bdf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bde0c342ddd5bfa9d8ab7ac25765510a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bdfdc589286cfedfb38a402ca8444cc4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\be4940dcf6c41751b2f89c5cd47c6ce3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bed1394bf479299ef14146e65dc1728d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf1233d73d221469182103f01975b931_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf5a51b15931c2e34d8fe10fe2829bee_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf7f94ac90919186010397f89cbddca0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c01ab8bf14b268711feab7691ffbe836_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c0eeba14c5799f3f813a943e8c5264a2_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1124d1a8303e90772864f7201eb11db_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1448af7a09efe3c9fac7bc77ad8f043_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c16331e3840017b71cb8b30e11fc9cbd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1d03eda5df0a736377e5e8ca6ddd8a3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1d53affaded01cf004f0edd0ffa9278_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1f145350cd364c47e300c0319f0dd0d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2497c6092d3c2309a8218f0b99be374_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c29a761fa15923819093f1bffaea8c70_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2e1cfb3d4bcb8e9d4506a2d30c5b124_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c30a35f5cfed613f0db9b61a9c4f275c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c31ab2cf631b2179f8d468b10d60c830_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c364f89028ef31a821aa54f21b29d703_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c376841abb2a75012fabe0c7b762c4cb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3aa278d735ab27646c79b68ee63196a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3d29cdabda8b00f79d030805d1442e6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c42a8903ab77dc157ffcd93075887cc6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4752943dfc2e334efeb4307ab8e12a5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4bbd8cf5f3ca1a707906893276c68f1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5b2872d14b74bc991d94dfee6c38b9d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c637930c727a88681cefe5d3003c8e9f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c64dde6edb506afd33b35ae6ee0856f8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6720441d055cfa1639548ce3605feac_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7195e2a4f7c42609d437813417640a7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7551da7fe6a4327a9bb129ebda4ab54_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7840720c75fa7de6bfdb99a7e3acbae_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c789b05ded87915f2ef631599fac23ed_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c78acbdefb007f49bf7f9c159a71bdc5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c87596da26170664e9926b0914952909_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c90953e4014b9a9be3290909236640ce_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9237ed377583f9f13f473bfd45fc885_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c955338aee104d3cda29f39513963d92_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c992ef82b627d5f0c0c810202c8b21d3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9d1e133374de7445eb3d9f6769f4929_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca231f81a82e5b331808e738bfa90ca7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca5204abf816fb01913985e4c2e013b1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca65a0ec38564f1414c9fc95509aa934_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca99fc137fbde5cb9b0f999b4db0c470_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cae99b435db5f5b198f6910b1de3b826_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb016ca40776af1a3071666b56336a48_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb60f946effb9dad1647a8d6f5d9fb35_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb6afe23dc68dddaeeaa38c376029305_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbe9bb2fb3ca339e1dbce4113c9e62e3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbed14658cf146aff2d866ad74d60152_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc5876aadc2ac95337781eba01c6d32f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc6e421431dae54719917d382c985b8b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc6f4fcb1d632428e2a10e687925f351_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd9de1ae8a571d0627bf59255224d541_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cde0a9ac54dc57722565189caa50b58e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce9e7f432434772e917a54697938877f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ceef835f182a415387baa07301b791f5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf2d2c93eac2878dfc1569f39d7ea938_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf476c653ab2d9ca4d63aba21682f558_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cf9e06e5f3548117e5167e04cafbdd2a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d003ccc1eaa4cd429ac4929a03012bb7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d02544d18b6bc61ef62b2ff475d7c234_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d236eb6c49e4fb4c296814bc6fa5145e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d27716ca643684bac7e7b5ff74e5e809_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2b7f5b8412afe8eb3b894ece3a19694_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2c095fb8643dd5c6a78eadf269b2a86_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2d2eb4774ca335c599678426f76c289_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d332768e0bd3254ce7fcd5cc42416765_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d363b58d64759206701dea41cb7fe9d4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d44a801447210b1d3cfb1737404f2aac_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4592e4eb98ef4b1478ec9f9d41b2ad7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4d28efec0c7e77e141b1f82a2527c44_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4ec91d7a2ae82a872aa7db91b4f03aa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4efc41e511e4a46c4cf96f0c782adb8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d5230496dd8dd5ac03fc9c943e013522_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d5c9c1755da2692c2f7eb92ca76d6c42_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d60229e241a1fce5d10a7670e49b267b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d65150dc3b09818b672122a0e13d7be0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d792ca8a22e7d5258d646c1da6ad4511_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d840085df5fb08943bdff68e05119ca8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8ae171c0f108e369aba45b041baca4f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8f1eb368a0faf796af34c783602d2c1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9489a2d281eae28c0587304838b69a7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9a4716a8f265ceb943a8fca1a34091f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\da23259e4996abb54736b77ad1a1f43d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\da884aaacd9ad54e17dcd232041a51ae_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\daddd2fad8a983d9d9c987b4044682f7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\dae8dd7f5dc839f1bbceae668f843f2b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\daf0f718d23aa3bca3ac27c645ed9e8f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\db3fc9ea9c04576fea0bfab56ca3810e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\db4ddf9f5afdbbbbd217cefb4af788e5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\dba10ee82481b2135616c43f0901d8f9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbb52290eebef676ea22b794d0fce784_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\dcb801e09aedad19ac4269188620d066_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\de233477cd234ac69ca6a749e4766ec7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\de2519ad3054d4b69bd6728919e04bb3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\df0de5e883449ab12119297579b0edb7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\df6e923cf72c0c826dccab92671dbba3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\df761d9227da0b465ef68fd1dc68ae1a_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfde8281e6800a92914661e7940042de_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\dff29ad444418eb39572590e53720b42_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e033d294686ce814bfad149a56a76e43_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2227dc33e534523ccc351284af106b3_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2422fd3b2400cd863cb86f65bf72b2d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2440487c3a2a8e6cced6cbf5ed7e1bd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e29dbba9a8ebf7574f66d5bed4cde61f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2d16eefa8c0ccae8c4f9705ad5b6195_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2ddfabab1fd83b8446bc75d5561f262_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e31c48bbdfbf4c64023f3bce8e7eefd8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e31c6df3d96b302051a36ca5cf1272c1_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e383eea5edbecfed2c3e203a0dec62dd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e384d0e4d1d92cc62ac4ded58f1da44c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3f2cfb9783026ffeaca7cabd7735e74_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e45f37c970f49d83c1f634997a0df5ae_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e496f235376e17cda9e705937fe18500_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e53f4f8717585cd1a810d43c3e3bb267_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6103ce1827cf7ca2c036939a65a8693_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e62d6068613d3c919909a9242fa92fec_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e735407530f6815a638e31da7c27fdbb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7d56c98e95326780f61c2a944d87a30_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7d61711001c04c60dcba854ef286f3b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7e6d8edd3e39aef4f4ed27213860fcb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e819c9c16a67cba53dfafc069877650e_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e8506d836e5f4e0fcc25f4a1a6780860_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e8563092d705d1a2acac392c021cdef5_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e859c284c6aeb8b890c6db7d4d4a4061_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e85adb43a577fd8b42aca417aa03d369_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e939d90436c8a4a2693966b3666acc11_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e997eb90acc4fba8d3d00ecf4a05dd0c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9b86a5f96dab1989b4b5f3c6ad38590_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea18cc6be384e976a5493f7ddf8f5f9c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\eaf930ba834104b9201e863041e286fb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ebdd5716f4c48e1491b30c851cb749ab_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec3f2e0c53c292790d3da423458e8c3b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec96eb6c30a0b3fec52f20a7574be1fa_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed207d66cace32c1739b35c79a535639_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed4358f0b59b001cdccc85aa92e254ff_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed49e6871dd24a0095779998e5a17059_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ef96282aa72c8c762240c94b2361d8a4_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\efe01287733f462829242526400f0a00_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f01a113756a439561baf02713b6c47b6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f02d4b33b871f3cf047409013e578338_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f081349096121712925842c5ac1dadc7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f091656cb5f162ef8ff2719a264fbdcb_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0992a03f2c6cb9dc23e3cc0e33218cd_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0ab54f081a5c8b91424f89fb0e2f5d6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0f94d2f7ff70cb84014305ad95f9868_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f0fef7445d2d4939da4c812ba57b9d87_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f13293cdcf4b50d0e613d5cc8d170b1d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f177c42af91ce60f624110579935331f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1a6d655d1af0ec8283b0ebbf47995ba_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1ae7531544c3dcef7f9d37b46e0b185_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1b83b582a8da4f5d814492ad7e917f7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f24da61bc3cacab2a6618540929fc567_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f2cb22d71a402fe248927886a443085c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f392b92c1cc78443364d99cbe66e28b0_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f44b190c5808a94e9bad8c6af3253632_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f599518023503ee07c115f41bd983eb8_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f59a0ec73a93d0b1308cc1df3517ae76_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5a284ee634d2f70ba3aff523aee2cf7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5b19b2a041906869fa85dfde620ef16_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f657e88937f3570abbb3d4efb85a12e9_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f6b4698eac880b48cfaf0167899c45b7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f73f917f87fae71ad4dd4dc6f0df225b_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f862300f17ee7cbdd34ca6defe1e8e46_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f879689cf4e389d3950b3a34e0bf5395_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8b663ab409375bf2034ef1aa3e8de71_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8ec05b6e9810b81fad39122f9d60ed7_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa520ae90909b5070e4e50fc48f55518_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb6b91c0a9de735bfdca7d048eae5e07_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc491fa57a3cab22f3fbba55866aa043_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fceb2b08864e2890b286bb6e8e63addf_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fcf7ad361e97c949d984e35e23a5015d_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd2b21646e96eae417714cfdf539db95_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd8e8d7c4150c999dffc395a67a36a9c_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fdafa69a74bbf70be601a47080e1f024_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe279c8d5c6c558b4497a5264df56c82_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe2d169b3d1cb43f51e9f9649c4e5b48_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe973056275734bc9f0c226be6f7b409_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff42d7ba83a7ab926d356189d0e477b6_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff449526390f6e5b7d9565cd5f74429f_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff6309dcc88ef89edc6e4ab986551b89_51c597e0-d636-4eb7-b49c-fc386d03725c Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Support\MPLog-01132008-164336.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0155.JPG.459a0406.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0156.JPG.459a040e.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0157.JPG.459a041e.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0158.JPG.459a0424.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0159.JPG.459a0428.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0160.JPG.459a042c.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0161.JPG.459a0434.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0162.JPG.459a0438.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0163.JPG.459a0450.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0164.JPG.459a0456.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0165.JPG.459a045a.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0166.JPG.459a0460.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0167.JPG.459a0472.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0177.JPG.459a0f50.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0178.JPG.459a0f64.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\dscrp\DSCN0180.JPG.459a0fb2.mpd Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0155.JPG.459a0406.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0156.JPG.459a040e.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0157.JPG.459a041e.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0158.JPG.459a0424.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0159.JPG.459a0428.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0160.JPG.459a042c.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0161.JPG.459a0434.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0162.JPG.459a0438.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0163.JPG.459a0450.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0164.JPG.459a0456.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0165.JPG.459a045a.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0166.JPG.459a0460.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0167.JPG.459a0472.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0177.JPG.459a0f50.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0178.JPG.459a0f64.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\preview\DSCN0180.JPG.459a0fb2.90.jpg Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\01 Super Disco Breakin'.m4a.4427a011.wma Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\06 Joker And The Thief.m4a.45453a97.wma Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\DSCN0168.MOV.459a0582.wmv Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\DSCN0169.MOV.459a0b0c.wmv Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\DSCN0170.MOV.459ad98c.wmv Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\DSCN0171.MOV.459a0c3c.wmv Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\DSCN0172.MOV.459a0c76.wmv Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\DSCN0173.MOV.459a0e0a.wmv Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies\030625\scratch\DSCN0176.MOV.459a0f0a.wmv Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\LiveUpdate\2008-02-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\2D5D8414.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\E15B1BEF.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS01C5BF6E-6BFF-43A7-9105-04A26425A27F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS01D6A837-5CED-4C48-8392-7289803632B9.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS0963E8E8-2A98-4FB9-BFD6-EC66159A12FE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS0B471CC0-74C8-4E78-9238-99EE6542F9CB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS0B6E5C59-0327-4CE2-B249-E40D2D2C1ED5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS105E4B12-9876-4155-86D2-661FF44EA58E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS1B1ED28C-004D-4168-A4A0-C939B9526022.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS1C5B3BAB-1156-4500-A2A2-CAC66FE69971.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS1C9444BA-AD85-4425-8557-69A54B8BBDA2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS1DC5A78E-E1D8-4350-9F6B-8FF707F8CDA1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS24640A7E-20A4-4CAB-BEF3-1A6118FDE1BE.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS285F6171-9EAC-4F54-AD7D-70CC502C8A55.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS2BFC905D-8D59-4280-8845-E36FB4F01AE7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS2CFB9C36-BB0A-4207-8D04-03801819896A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS322BFF91-2DD9-4941-B402-C2C2C989D70E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS38C19055-2177-4CDC-864F-B995DDAD2C39.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS395C7FF6-592B-49EE-ACF4-BB830C8410D7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS3C9767E6-92B2-4606-AF7B-706D919662B4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS3E0BDABC-5845-444F-9B78-A5E4C5D685C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F56CC1B-1A3C-469E-9093-E6B5B6BD64F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS41050E16-CA64-49CA-B5E0-682FE61890D4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS416420B1-F787-43DF-8EBE-AC448972487E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS43C35B18-B454-47A7-BF70-248C5F267C4E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS477EC58E-F981-4853-BCA7-0566FD828691.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS47BE9F09-537C-408A-BA1B-4E331A8C8788.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS4873E815-43FA-4DEA-A73E-2D93D13E3C85.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS4D3BA1C0-8764-4F21-9279-0A2AC7B85C55.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS4D8DC32A-B270-4EB6-9E5E-8AE4C245872B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS528769EE-A820-44CF-AD03-2DEE5BA0295B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS54B8125B-5115-4556-9146-D436B135E557.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS5A1488BD-8929-4B2E-84B0-02272CFA8A10.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS5B17E32C-855C-44C8-B230-67C59E2B6020.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS5C0B52F7-F282-4F61-A529-BB135F9FC60E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS623AB5C9-B617-48E0-B446-990E8D8052CB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS65CFF839-E180-4ECA-BD75-52497E9E9F29.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS674FB12B-C62A-42B5-A953-11AE4C1888D6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS6E9EF98F-AE4B-441A-A4DE-8EF6F30AAD7E.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS6EEEBD95-0632-4E1E-85F7-4A95258C15DF.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS771322A9-63A3-4736-8CC4-96553D934529.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS7850E4D5-1832-4E8F-94D3-1E91727B6E4B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS7B54FCCC-4D8E-4E08-BC44-C3CF1800A031.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS7C788BCD-0350-453B-99A7-71F8B225CA56.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS7D269735-7BA0-4CD3-A319-AB830AB87840.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS7EC7E2B5-597F-4C5D-9019-192C6CB3F51F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS7F205478-E848-43C1-AF7D-868B8BF240CD.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS81E018F0-A9D4-45F9-9D12-40654E8D1AEA.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8286184A-717D-42E2-BBDB-F132F8D790C7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS83444B69-4C66-4DD8-BEE4-6B9190A20474.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8AB93D79-C577-4489-BFD4-B8DE52F13E2A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8C761B6E-E8E2-4980-92B8-C5722828F870.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8D6417C8-7E31-4E98-8CEE-922B45F5BEE5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8DEDE190-0676-44BF-9FBC-3F498C5B29A3.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8DF4948D-D853-41D6-96F6-FE42F289A01D.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8F2EBB9B-B4C4-462E-B03B-B496F0250B41.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS8F83C622-5CBF-4407-8193-B9B10BA7FF60.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS90C3056B-893A-4BEB-8299-D64D5DB238C1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS95D3F499-D0CD-419B-A80C-D32B7DC99901.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMS97ACC698-3F4F-4DA8-A783-449DCB100262.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSA02517CF-0FFD-44CB-BCC2-37CF656AB2B2.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSA0DAB693-AA92-4D77-AEAE-B7E158A82DB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3C13F08-ECBA-47DD-98A9-A0464FA1EBEB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSA424F83C-5FF4-4EB7-8749-D21C291E6B0C.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSA7C5866F-02AB-4C7B-B0FD-1FF0189D11E6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSADB148BB-3B6D-481E-ACC0-BA571EC2C7CD.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSB0288D9F-3459-465C-AB1C-F94C021DCD84.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSB18693AA-937D-4AD2-ACF4-62E58E6516F4.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSB4BAFCEB-EC9E-4CD0-9321-8245E4067A86.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSB62734B6-F609-4007-8DDA-B91FC714D07B.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSBCC9665E-C76F-4A0F-93BB-E9850B63A349.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSC22F215C-FBF4-4D65-B7D2-04247DA082E6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSC75BBC18-3D9B-416E-A412-E892E5EDB835.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSC7634660-CA79-46CC-8D80-04F76757F94F.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCF55017-6A1C-43B3-8072-4875D1F79130.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSD08BA09D-2674-4300-A722-1D4A107E3FB5.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSD348C2E7-551D-4AEF-B711-9B1BDDD8A067.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSD3550D25-0253-4958-9371-122B56DACF86.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5C13972-24C8-4E78-926E-C8B019AF7313.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSDBA45999-862A-4769-9559-52A41879065A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC85E835-EABA-42CD-9A77-BA27D14561C1.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSE101F640-C632-4A52-9CC6-E97E115461B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSE243433F-AF7B-4399-ACD9-5D50FDD10BF6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSE65DCE1E-C542-409A-BE35-04845037A3C6.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSEC2B15F7-8C73-48CF-B73F-F85A7F68DC8A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSF29FA6D3-21E1-4C8B-826C-0B49390323B8.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSF3B87FF6-8D44-435F-809A-D5B106B3D700.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSF61008E8-36E0-48B7-A988-5EDEA39B478A.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSFA46271F-1C7B-4F03-845B-BDBF2DF75ECB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSFDDE866C-765D-418F-BBEA-A04AD18817EB.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSMSFFA06533-FAEA-4BCB-BAE2-30F0F81D5631.tmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Application Data\Webroot\Spy Sweeper\Logs\080130144952.ses Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7189BE53-396A-4F3E-82A4-85B64ED777FF} Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Local Settings\Temp\~DF77D5.tmp Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Local Settings\Temp\~DF77FA.tmp Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\ntuser.dat Object is locked skipped
C:\Documents and Settings\nathan.NAYFEN\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\nathan\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\_restore{799F070A-86CE-4C8F-8A32-8C24C86CFA7D}\RP41\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9E00950D-B9B0-46D5-915E-253E6BC26481}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:59 AM, on 3/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134977661250
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9748 bytes

#12 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 02 February 2008 - 08:01 PM

Hello nayfen,

there is a noticable difference in how the computer is running. the cpu dose not spike and and spend prolong periods of time at 100%. I did however run spy sweeper again after deleting trhe trace and running kaspersky and it is still bringing up linkoptimizer and can not quarantine it.


Could you please post me a report by spy sweeper? I need to see what is detected and the location as well. Thanks.

Edited by SNOWHITE, 02 February 2008 - 08:02 PM.

SNOWHITE
Posted Image

#13 nayfen

nayfen
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 03 February 2008 - 10:18 PM

1:15 PM: Removal process completed. Elapsed time 00:00:01
1:15 PM: Failed to quarantine HKLM: software\classes\clsid\{e3a77057-d10b-b02a-d823-22e020c583b5}\
1:15 PM: Failed to quarantine clsid\{e3a77057-d10b-b02a-d823-22e020c583b5}\
1:15 PM: Failed to quarantine linkoptimizer
1:15 PM: Warning: QuarantineRegistryKey: TBZipFileCompressor.Compress: Cannot compress a file or directory that does not exist (C:\WINDOWS\TEMP\SST3350).
1:15 PM: Warning: QuarantineRegistryKey: TBZipFileCompressor.Compress: Cannot compress a file or directory that does not exist (C:\WINDOWS\TEMP\SST3348).
1:15 PM: Quarantining All Traces: linkoptimizer
1:15 PM: Removal process initiated
1:05 PM: Traces Found: 2
1:05 PM: Full Sweep has completed. Elapsed time 00:13:46
1:05 PM: File Sweep Complete, Elapsed Time: 00:08:03
1:05 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
1:05 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
1:05 PM: Warning: Failed to open file "c:\documents and settings\all users.windows\application data\symantec\e15b1bef.tmp". The operation completed successfully
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\jpegim32.flt". "c:\windows\twain32\jpegim32.flt": File not found
1:04 PM: Warning: Failed to open file "c:\documents and settings\all users.windows\application data\symantec\2d5d8414.tmp". The operation completed successfully
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\textconv\ieproxy.dll". "c:\program files\common files\microsoft shared\textconv\ieproxy.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\msinfo\dhtmled.ocx". "c:\program files\common files\microsoft shared\msinfo\dhtmled.ocx": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\textconv\hmmapi.dll". "c:\program files\common files\microsoft shared\textconv\hmmapi.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\emfimp32.flt". "c:\windows\twain32\emfimp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\system\msioff9.ocx". "c:\program files\common files\system\msioff9.ocx": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\cdrimp32.flt". "c:\windows\twain32\cdrimp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\wpgexp32.flt". "c:\windows\twain32\wpgexp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\msinfo\triedit.dll". "c:\program files\common files\microsoft shared\msinfo\triedit.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\system32\color\3deep\bs_def.dll". "c:\windows\system32\color\3deep\bs_def.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\wmfimp32.flt". "c:\windows\twain32\wmfimp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\system32\color\3deep\biosinfo.dll". "c:\windows\system32\color\3deep\biosinfo.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\system32\color\3deep\asusbios.dll". "c:\windows\system32\color\3deep\asusbios.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\system32\color\3deep\asussite.dll". "c:\windows\system32\color\3deep\asussite.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\wpgimp32.flt". "c:\windows\twain32\wpgimp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\pictim32.flt". "c:\windows\twain32\pictim32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\system32\color\3deep\asmultilang.dll". "c:\windows\system32\color\3deep\asmultilang.dll": File not found
1:04 PM: Warning: Failed to read file "c:\windows\system32\color\3deep\asmultilang.dll". "c:\windows\system32\color\3deep\asmultilang.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\system32\color\3deep\gifview.dll". "c:\windows\system32\color\3deep\gifview.dll": File not found
1:04 PM: Warning: Failed to read file "c:\windows\system32\color\3deep\gifview.dll". "c:\windows\system32\color\3deep\gifview.dll": File not found
1:04 PM: Warning: Failed to read file "c:\windows\twain32\ms.fpx". "c:\windows\twain32\ms.fpx": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\bmpimp32.flt". "c:\windows\twain32\bmpimp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\pcximp32.flt". "c:\windows\twain32\pcximp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\system\offprvps.dll". "c:\program files\common files\system\offprvps.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\system\offprov.exe". "c:\program files\common files\system\offprov.exe": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\snapshot viewer\msndevmanres.dll". "c:\program files\snapshot viewer\msndevmanres.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\pcdimp32.flt". "c:\windows\twain32\pcdimp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\grphflt\solver32.dll". "c:\program files\common files\microsoft shared\grphflt\solver32.dll": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\epsimp32.flt". "c:\windows\twain32\epsimp32.flt": File not found
1:04 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\textconv\iedw.exe". "c:\program files\common files\microsoft shared\textconv\iedw.exe": File not found
1:03 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\png32.flt". "c:\windows\twain32\png32.flt": File not found
1:03 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\system\ieinfo5.ocx". "c:\program files\common files\system\ieinfo5.ocx": File not found
1:03 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\tiffim32.flt". "c:\windows\twain32\tiffim32.flt": File not found
1:03 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\twain32\gifimp32.flt". "c:\windows\twain32\gifimp32.flt": File not found
1:03 PM: Warning: DDA Failure, error reading MFT: 4924. of: 139328. Fragments: 5. TVolumeNtNTFS.Read failed 1: Read starts at: 0x991AD8000 Len :0x400
12:59 PM: Warning: DDA Failure, error reading MFT: 4703. of: 139328. Fragments: 5. TVolumeNtNTFS.Read failed 1: Read starts at: 0x991AA0C00 Len :0x400
12:59 PM: Warning: DDA Failure, error reading MFT: 4702. of: 139328. Fragments: 5. TVolumeNtNTFS.Read failed 1: Read starts at: 0x991AA0800 Len :0x400
12:57 PM: Starting File Sweep
12:57 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
12:57 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:57 PM: Starting Cookie Sweep
12:57 PM: Registry Sweep Complete, Elapsed Time:00:00:18
12:57 PM: HKLM\software\classes\clsid\{e3a77057-d10b-b02a-d823-22e020c583b5}\ (ID = 1597455)
12:57 PM: HKCR\clsid\{e3a77057-d10b-b02a-d823-22e020c583b5}\ (ID = 1597453)
12:57 PM: Found Adware: linkoptimizer
12:57 PM: Starting Registry Sweep
12:57 PM: Memory Sweep Complete, Elapsed Time: 00:05:13
12:52 PM: Starting Memory Sweep
12:52 PM: Start Full Sweep
12:52 PM: Sweep initiated using definitions version 1080
12:51 PM: Spy Sweeper 5.5.7.124 started
12:51 PM: | Start of Session, Monday, 4 February 2008 |
***************

#14 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 09 February 2008 - 07:39 PM

Hello nayfen,

My apologies for the delay. The last week was very difficult for me and I also needed time to re-check your reports to make sure I am not missing anything. It seems there is one registry leftover we can try fixing it:
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Scroll down to this post and download to you desktop the attachment fixme.reg.

Locate fixme.reg on your Desktop and double-click on it. It should look like this -> Posted Image
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Reboot the computer.

After doing the above instructions let me know if webroot is still detecting linkoptimizer.

Regards,

Attached Files


SNOWHITE
Posted Image

#15 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:39 AM

Posted 24 February 2008 - 03:49 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users