Browser Hijacked


  • This topic is locked
28 replies to this topic

#1 rbrindisi


Posted 02 February 2008 - 12:28 PM

:thumbsup:

I have been working on this problem for about 20 hours over the past week. When I browse Web pages I get redirected to pages that I do not want. Examples: scanner2.malware, Jokeroo, Zedo, Trustedantivirus, performanceoptimizer, bestsellingantivirus, and my all time favorite Hornymatches.com. I have Norton360 installed. Since this problem started I have installed Spybot, Ad-Aware, and SpyHunter. All applications find and remove viruses and Trojans, even in safe mode. But when I restart normally I instantly begin getting redirected. I am at the end of my rope and decided to ask for some outside help. I have installed, run, and attached the HiJackthis log below. Any help would be greatly appreciated.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:08 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Virtual Server\vmh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\rbrindisi\My Documents\Downloads\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158285914687
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12467 bytes



#2 MoNsTeReNeRgY22


Posted 02 February 2008 - 05:40 PM

Hello and Welcome to Bleeping Computer.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.




#3 MoNsTeReNeRgY22


Posted 02 February 2008 - 08:00 PM

Hello rbrindisi,

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm




#4 rbrindisi


Posted 03 February 2008 - 10:24 AM

SmitFraudFix v2.279

Scan done at 10:22:40.59, Sun 02/03/2008
Run from C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Virtual Server\vmh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\HPZinw12.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\rbrindisi


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\rbrindisi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RBRIND~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 167.206.245.130
DNS Server Search Order: 167.206.245.129

HKLM\SYSTEM\CCS\Services\Tcpip\..\{629CD3E8-590E-4039-A018-0729665A7CB3}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{629CD3E8-590E-4039-A018-0729665A7CB3}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{629CD3E8-590E-4039-A018-0729665A7CB3}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.130 167.206.245.129


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#5 MoNsTeReNeRgY22


Posted 04 February 2008 - 06:39 PM

Hello again,

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.



Then



Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  • Please go to that folder and also copy the contents of Extra.txt to your post as well.
Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.




#6 rbrindisi


Posted 04 February 2008 - 08:53 PM

I completed the steps outlined in your last post; the logs are shown below. Please note that when I re-booted in normal mode, after running SmitfraudFix.exe, my Norton360 deleted the Trojan.Vundo.

Thank you for all your help.


SmitFraudFix v2.279

Scan done at 20:14:34.06, Mon 02/04/2008
Run from C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts



»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Helper\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{629CD3E8-590E-4039-A018-0729665A7CB3}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{629CD3E8-590E-4039-A018-0729665A7CB3}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{629CD3E8-590E-4039-A018-0729665A7CB3}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.130 167.206.245.129


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End







Deckard's System Scanner v20071014.68
Run by rbrindisi on 2008-02-04 20:25:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-05 01:25:35 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as rbrindisi.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:54 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Virtual Server\vmh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\rbrindisi\My Documents\Downloads\Deckards Sys Scan\dss.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\HIJACK~1\rbrindisi.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\HPZinw12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C5750901-CCB0-498E-9E49-23F4F7507F0D} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: (no name) - {CB425ECD-A4B6-4E21-8935-4EEF224DEF4D} - (no file)
O2 - BHO: (no name) - {F0EFF522-9FBF-4C15-980E-D66224406DC0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158285914687
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14156 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>

S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-02-04 15:00:31 450 --a------ C:\WINDOWS\Tasks\SpyHunter Scanner.job


-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-04 15:31:15 88128 --a------ C:\WINDOWS\system32\dmqfstai.dll
2008-02-04 15:28:15 93248 --a------ C:\WINDOWS\system32\jndxwjhq.dll
2008-02-03 15:30:24 88640 --a------ C:\WINDOWS\system32\aqwgajsl.dll
2008-02-03 15:27:24 92736 --a------ C:\WINDOWS\system32\jvrqxyui.dll
2008-02-03 10:22:44 3590 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-02 15:28:46 88128 --a------ C:\WINDOWS\system32\gidtfofe.dll
2008-02-02 15:28:37 96832 --a------ C:\WINDOWS\system32\ysvymjwa.dll
2008-02-02 12:55:56 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-01 20:19:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 15:27:52 92224 --a------ C:\WINDOWS\system32\jcnihrlg.dll
2008-02-01 15:22:44 92736 --a------ C:\WINDOWS\system32\abmlbigh.dll
2008-01-30 20:44:33 92736 --a------ C:\WINDOWS\system32\lwkdfmlx.dll
2008-01-29 12:22:39 0 --a------ C:\WINDOWS\system32\juyaxflv.dll
2008-01-29 12:13:39 0 --a------ C:\WINDOWS\system32\iicqpedf.dll
2008-01-28 12:24:21 147520 --a------ C:\WINDOWS\system32\somxnoxy.dll
2008-01-28 12:12:21 72200 --a------ C:\WINDOWS\system32\bhsgotsj.dll
2008-01-27 14:08:34 0 d-------- C:\Program Files\Lavasoft
2008-01-27 14:08:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 14:08:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 13:31:17 0 d-------- C:\Program Files\RogueRemover FREE
2008-01-27 13:29:02 0 d-------- C:\Program Files\RogueRemover
2008-01-27 13:19:53 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\Lavasoft
2008-01-27 12:18:57 147520 --a------ C:\WINDOWS\system32\eacnukkl.dll
2008-01-27 12:12:54 75475 --a------ C:\WINDOWS\system32\puhrmwwi.dll
2008-01-27 10:21:18 89152 --a------ C:\WINDOWS\system32\alirwvlc.dll
2008-01-27 00:26:29 73460 --a------ C:\WINDOWS\system32\redmhavi.dll
2008-01-26 23:23:28 321800 --ahs---- C:\WINDOWS\system32\tvvwa.ini2
2008-01-26 23:23:25 331776 --a------ C:\WINDOWS\system32\awvvt.dll
2008-01-26 20:24:25 75475 --a------ C:\WINDOWS\system32\vglhpqpu.dll
2008-01-26 12:17:45 0 d-------- C:\Program Files\Norton 360
2008-01-26 11:54:00 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-25 20:10:58 5634 --ahs---- C:\WINDOWS\system32\kjkkj.ini2
2008-01-25 20:10:36 321024 --a------ C:\WINDOWS\system32\jkkjk.dll
2008-01-25 19:52:39 54764 --a------ C:\WINDOWS\system32\drivers\fak32.sys
2008-01-25 18:23:00 0 d-------- C:\Program Files\PowerISO
2008-01-24 22:54:44 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\Ethereal
2008-01-24 22:38:06 0 d-------- C:\Program Files\Ethereal
2008-01-23 20:05:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC
2008-01-23 20:04:00 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-23 20:02:57 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 18:12:22 0 d-------- C:\WINDOWS\vbSkinner
2008-01-23 00:11:46 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-23 00:11:35 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-22 22:34:32 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\BitTorrent
2008-01-22 22:34:25 0 d-------- C:\Program Files\DNA
2008-01-22 22:34:25 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\DNA
2008-01-22 22:34:24 0 d-------- C:\Program Files\BitTorrent
2008-01-21 20:44:39 0 d-------- C:\Program Files\Microsoft Virtual Server
2008-01-21 17:25:18 57344 --a------ C:\WINDOWS\system32\KWebFarm.dll <Not Verified; Kaplan IT; WebFarm>
2008-01-21 17:25:17 32768 --a------ C:\WINDOWS\system32\webCryption.dll <Not Verified; Self Test Software; webCryption>
2008-01-21 17:25:17 659456 --a------ C:\WINDOWS\system32\KUserService.dll <Not Verified; Kaplan IT; UserService>
2008-01-21 17:25:17 495616 --a------ C:\WINDOWS\system32\KDataService.dll <Not Verified; Kaplan IT; DataService>
2008-01-21 17:25:17 45056 --a------ C:\WINDOWS\system32\KCommon.dll <Not Verified; Kaplan IT; Common>
2008-01-21 17:25:17 172032 --a------ C:\WINDOWS\system32\KBusinessService.dll <Not Verified; Kaplan IT; BusinessService>
2008-01-21 17:25:17 24576 --a------ C:\WINDOWS\system32\IKUserInterface.dll <Not Verified; Kaplan IT; IUserInterface>
2008-01-21 17:25:17 20480 --a------ C:\WINDOWS\system32\IKLiveInterface.dll <Not Verified; Kaplan IT; IKLiveInterface>
2008-01-21 17:25:17 24576 --a------ C:\WINDOWS\system32\IKDataInterface.dll <Not Verified; Kaplan IT; IDataInterface>
2008-01-21 17:25:17 20480 --a------ C:\WINDOWS\system32\IKCryptionInterface.dll <Not Verified; Kaplan IT; ICryptionInterface>
2008-01-21 17:25:17 20480 --a------ C:\WINDOWS\system32\IKBusinessInterface.dll <Not Verified; Kaplan IT; IBusinessInterface>
2008-01-21 17:25:16 56 --a------ C:\WINDOWS\system32\nett12.dll
2008-01-21 16:10:40 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-20 02:07:58 33292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-01-14 22:40:00 6 --a------ C:\WINDOWS\system32\mkghj.dll
2008-01-14 22:35:20 0 d-------- C:\WINDOWS\CAVTemp
2008-01-14 22:15:36 0 d-------- C:\WINDOWS\rnapxs
2008-01-11 21:47:46 0 d-------- C:\WINDOWS\system32\runtime
2008-01-04 23:36:57 0 d-------- C:\Program Files\Apperson


-- Find3M Report ---------------------------------------------------------------

2008-02-04 20:28:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-27 14:08:13 0 d-------- C:\Program Files\Common Files
2008-01-26 14:16:12 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\Symantec
2008-01-26 13:05:07 0 d-------- C:\Program Files\Symantec
2008-01-23 21:37:29 1000 --a------ C:\Program Files\UltimateBet.dat
2008-01-23 21:31:04 0 d-------- C:\Program Files\Update
2008-01-23 00:11:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-23 00:11:52 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\Adobe
2008-01-22 21:34:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-22 19:41:02 0 d-------- C:\Program Files\Quicken
2008-01-21 19:51:36 0 d-------- C:\Program Files\Transcender
2008-01-21 16:08:50 0 d-------- C:\Program Files\STOPzilla!
2008-01-20 23:14:38 0 d-------- C:\Program Files\Avery Wizard 3.0
2008-01-18 21:07:44 82505 --a------ C:\Program Files\INSTALL.LOG
2008-01-16 20:03:53 0 d-------- C:\Program Files\Google
2008-01-15 09:16:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-14 22:03:06 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\GetRightToGo
2007-12-28 23:15:36 0 d-------- C:\Program Files\MSECache
2007-12-28 17:42:05 0 d-------- C:\Documents and Settings\rbrindisi\Application Data\WinRAR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5750901-CCB0-498E-9E49-23F4F7507F0D}]
01/25/2008 08:10 PM 321024 --a------ C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB425ECD-A4B6-4E21-8935-4EEF224DEF4D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0EFF522-9FBF-4C15-980E-D66224406DC0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"@"="" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2008 02:05 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [09/29/2005 05:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 06:42 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [09/03/2004 03:58 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/29/2005 05:12 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/31/2007 06:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 12:39 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\rbrindisi\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [3/17/2005 2:06:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [5/14/2007 5:48:37 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [9/25/2006 8:25:15 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [3/17/2005 2:06:14 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoNetSetup"=0 (0x0)
"NoPrinters"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
xxyvurs.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05fc55c3-c6be-11dc-b89d-001731958718}]
AutoRun\command- I:\Launch.exe /run

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-02-04 20:30:02 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.40GHz
CPU 1: Intel® Pentium® D CPU 3.40GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2047.23 MiB / 1388.28 MiB
Pagefile Memory (total/avail): 3943.5 MiB / 3400.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.21 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 279.46 GiB total, 263.79 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 197.17 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3300622A - 279.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.46 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD2500JB-32EVA0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - D:

\\.\PHYSICALDRIVE2 - HP Photosmart C6180 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft Virtual Server\\vssrvc.exe"="C:\\Program Files\\Microsoft Virtual Server\\vssrvc.exe:*:Enabled:Virtual Server"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\setup\\HPZNET01.EXE"="G:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"G:\\setup\\HPONICIFS01.EXE"="G:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"F:\\setup\\HPZNET01.EXE"="F:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"F:\\setup\\HPONICIFS01.EXE"="F:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft Virtual Server\\vssrvc.exe"="C:\\Program Files\\Microsoft Virtual Server\\vssrvc.exe:*:Enabled:Virtual Server"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\wphkop.exe"="C:\\WINDOWS\\system32\\wphkop.exe:*:Enabled:wphkop"
"C:\\DOCUME~1\\RBRIND~1\\LOCALS~1\\Temp\\win30.exe"="C:\\DOCUME~1\\RBRIND~1\\LOCALS~1\\Temp\\win30.exe:*:Enabled:win30"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\rbrindisi\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RLB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\rbrindisi
LOGONSERVER=\\RLB
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Support Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RBRIND~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RBRIND~1\LOCALS~1\Temp
USERDOMAIN=RLB
USERNAME=rbrindisi
USERPROFILE=C:\Documents and Settings\rbrindisi
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robert L Brindisi (admin)
rbrindisi (admin)
ASPNET
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
Acronis True Image --> MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.1 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avery Wizard 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{6B10045E-6789-49C4-BFED-52575F5B76BF}
BitTorrent 6.0.1 --> C:\Program Files\BitTorrent\uninst.exe
CadStd --> C:\Program Files\Apperson\CadStd\uninst.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Ethereal 0.99.0 --> "C:\Program Files\Ethereal\uninstall.exe"
GalleryPlayer Images --> C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Documents and Settings\rbrindisi\My Documents\Downloads\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Web Access S/MIME --> MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual Server 2005 R2 SP1 --> MsiExec.exe /I{84FAA867-8743-44C3-B22E-B5A152456D77}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_3_0_24\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
RogueRemover 1.20 --> C:\Program Files\RogueRemover\uninst.exe
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
SureThing CD Labeler 4 SE --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Transcender Study Pak: Study Guide Cert-70-292 --> C:\PROGRA~1\TRANSC~1\STUDYG~1\CERT-7~1\UNWISE.EXE C:\PROGRA~1\TRANSC~1\STUDYG~1\CERT-7~1\INSTALL.LOG
Transcender Test Engine --> C:\PROGRA~1\TRANSC~1\UNWISE.EXE C:\PROGRA~1\TRANSC~1\INSTALL.LOG
Transcender: Exam Cert-70-292 --> C:\PROGRA~1\TRANSC~1\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\TRANSC~1\EXAMFI~1\EXAMID~1\INSTALL.LOG
TransTrainer for CCNA --> C:\PROGRA~1\TRANSC~1\TRANST~1\Titles\CCNA\UNWISE.EXE C:\PROGRA~1\TRANSC~1\TRANST~1\Titles\CCNA\Install.log
UltimateBet --> C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Mobile Daylight Saving Time 2007 Updates --> MsiExec.exe /X{AB46C238-3554-4D79-AB06-C393F87FF202}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type21944 / Error
Event Submitted/Written: 02/04/2008 03:49:37 PM
Event ID/Source: 5011 / TrueVector Service
Event Description:
TrueVector engine: [SAPI] 253 C:\WINDOWS\system32\vsdatant.sys

Event Record #/Type21943 / Error
Event Submitted/Written: 02/04/2008 03:49:37 PM
Event ID/Source: 5011 / TrueVector Service
Event Description:
TrueVector engine: [SAPI] 249 2

Event Record #/Type21712 / Error
Event Submitted/Written: 02/02/2008 03:16:59 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BF from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type21711 / Error
Event Submitted/Written: 02/02/2008 03:15:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type21710 / Error
Event Submitted/Written: 02/02/2008 03:14:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqtra08.exe, version 70.0.170.0, faulting module hpzidr12.dll, version 10.1.1.5, fault address 0x00007209.
Processing media-specific event for [hpqtra08.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type62278 / Error
Event Submitted/Written: 02/04/2008 08:19:53 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type62277 / Error
Event Submitted/Written: 02/04/2008 08:19:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type62276 / Error
Event Submitted/Written: 02/04/2008 08:14:08 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SCDEmu
SRTSPX
SYMTDI
Tcpip
vmm

Event Record #/Type62275 / Error
Event Submitted/Written: 02/04/2008 08:14:08 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:
%%1068

Event Record #/Type62274 / Error
Event Submitted/Written: 02/04/2008 08:14:08 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Virtual Server service depends on the Virtual Machine Monitor service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-02-04 20:30:02 ------------

#7 rbrindisi

Posted 05 February 2008 - 04:18 PM

Please note that my browser is still being redirected. I just got re-directed to Jokeroo!!

#8 MoNsTeReNeRgY22

Posted 06 February 2008 - 12:17 AM

Hello again,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
For more information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Please, never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**



#9 rbrindisi

Posted 06 February 2008 - 09:46 PM

ComboFix 08-02.05.3 - rbrindisi 2008-02-06 21:30:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1455 [GMT -5:00]
Running from: C:\Documents and Settings\rbrindisi\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\alirwvlc.dll
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\bhsgotsj.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\clvwrila.ini
C:\WINDOWS\system32\cncvwtun.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efoftdig.ini
C:\WINDOWS\system32\ghrvbjvt.ini
C:\WINDOWS\system32\gidtfofe.dll
C:\WINDOWS\system32\glrhincj.ini
C:\WINDOWS\system32\iatsfqmd.ini
C:\WINDOWS\system32\imdruann.ini
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\lcyjcirp.ini
C:\WINDOWS\system32\lkkuncae.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkghj.dll
C:\WINDOWS\system32\nett12.dll
C:\WINDOWS\system32\nutwvcnc.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\puhrmwwi.dll
C:\WINDOWS\system32\redmhavi.dll
C:\WINDOWS\system32\suxhlavb.ini
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\ulfrpovq.dll
C:\WINDOWS\system32\vglhpqpu.dll
C:\WINDOWS\system32\vlfxayuj.ini
C:\WINDOWS\system32\vuibshxg.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xwtydhxu.ini
C:\WINDOWS\system32\yaroexii.ini
C:\WINDOWS\system32\yxonxmos.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-05 15:29 . 2008-02-05 15:29 90,688 --a------ C:\WINDOWS\system32\nnaurdmi.dll
2008-02-03 15:30 . 2008-02-03 15:30 294 --ahs---- C:\WINDOWS\system32\lsjagwqa.ini
2008-02-03 10:22 . 2008-02-04 20:14 3,590 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-02 12:56 . 2008-02-02 13:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-02 12:56 . 2008-02-02 13:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-02 12:56 . 2008-02-02 13:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-02 12:55 . 2008-02-02 12:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-01 20:19 . 2008-02-01 20:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-01 20:19 . 2008-02-01 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-30 20:50 . 2008-01-30 20:50 74 --ahs---- C:\WINDOWS\system32\lcyjcirp.tmp
2008-01-29 15:36 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-29 15:36 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-29 15:36 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-29 12:13 . 2008-02-01 15:22 13,353 --a------ C:\WINDOWS\BM5f5b9262.xml
2008-01-29 12:13 . 2008-02-01 16:48 22 --a------ C:\WINDOWS\pskt.ini
2008-01-27 17:15 . 2008-01-27 17:15 542,582 --a------ C:\Autoruns.zip
2008-01-27 14:08 . 2008-01-27 14:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-27 14:08 . 2008-01-27 14:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 14:08 . 2008-01-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 13:31 . 2008-01-27 13:31 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-01-27 13:29 . 2008-01-27 13:29 <DIR> d-------- C:\Program Files\RogueRemover
2008-01-27 13:19 . 2008-01-27 13:19 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\Lavasoft
2008-01-26 12:17 . 2008-01-26 19:45 <DIR> d-------- C:\Program Files\Norton 360
2008-01-26 12:16 . 2008-01-26 13:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 12:16 . 2008-01-26 13:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 12:16 . 2008-01-26 13:05 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 12:16 . 2008-01-26 13:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 11:54 . 2008-01-26 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-25 19:52 . 2008-01-25 19:52 54,764 --a------ C:\WINDOWS\system32\drivers\fak32.sys
2008-01-25 18:23 . 2008-01-25 18:26 <DIR> d-------- C:\Program Files\PowerISO
2008-01-24 22:54 . 2008-01-24 22:54 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\Ethereal
2008-01-24 22:38 . 2008-01-24 22:38 <DIR> d-------- C:\Program Files\Ethereal
2008-01-23 20:05 . 2008-01-23 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC
2008-01-23 20:04 . 2008-01-27 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-23 20:02 . 2008-01-25 18:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 18:12 . 2008-01-23 18:12 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-01-23 00:11 . 2008-01-23 00:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-23 00:11 . 2008-01-23 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-22 22:34 . 2008-01-25 19:52 <DIR> d-------- C:\Program Files\DNA
2008-01-22 22:34 . 2008-01-22 22:34 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-22 22:34 . 2008-01-25 19:49 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\DNA
2008-01-22 22:34 . 2008-01-26 11:05 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\BitTorrent
2008-01-21 20:46 . 2008-01-21 20:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-21 20:46 . 2008-01-21 20:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_vhdbus_01005.Wdf
2008-01-21 20:44 . 2008-01-21 20:46 <DIR> d-------- C:\Program Files\Microsoft Virtual Server
2008-01-21 16:10 . 2008-01-21 16:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-20 02:07 . 2008-01-20 02:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-14 22:35 . 2008-01-15 09:47 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-01-14 22:16 . 2008-01-14 22:16 189 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
2008-01-14 22:15 . 2008-01-15 13:08 <DIR> d-------- C:\WINDOWS\rnapxs
2008-01-11 21:47 . 2008-01-11 21:47 <DIR> d-------- C:\WINDOWS\system32\runtime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 02:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-06 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-06 03:50 --------- d-----w C:\Program Files\Enigma Software Group
2008-01-26 19:16 --------- d-----w C:\Documents and Settings\rbrindisi\Application Data\Symantec
2008-01-26 18:05 --------- d-----w C:\Program Files\Symantec
2008-01-24 02:37 1,000 ----a-w C:\Program Files\UltimateBet.dat
2008-01-24 02:31 --------- d-----w C:\Program Files\Update
2008-01-23 05:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 00:41 --------- d-----w C:\Program Files\Quicken
2008-01-22 00:51 --------- d-----w C:\Program Files\Transcender
2008-01-21 21:08 --------- d-----w C:\Program Files\STOPzilla!
2008-01-21 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-21 04:14 --------- d-----w C:\Program Files\Avery Wizard 3.0
2008-01-19 02:07 82,505 ----a-w C:\Program Files\INSTALL.LOG
2008-01-17 01:03 --------- d-----w C:\Program Files\Google
2008-01-16 15:45 3,667,272 ----a-w C:\Program Files\UltimateBet.exe
2008-01-16 15:45 2,012,392 ----a-w C:\Program Files\resLobby.dll
2008-01-15 14:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-15 03:03 --------- d-----w C:\Documents and Settings\rbrindisi\Application Data\GetRightToGo
2008-01-05 04:36 --------- d-----w C:\Program Files\Apperson
2007-12-29 04:15 --------- d-----w C:\Program Files\MSECache
2007-11-30 15:02 1,582,312 ----a-w C:\Program Files\resSplash.dll
2007-10-28 14:10 632,040 ----a-w C:\Program Files\resMiniBar.dll
2007-10-28 14:10 537,832 ----a-w C:\Program Files\resGames.dll
2007-10-28 14:10 3,622,120 ----a-w C:\Program Files\resBJ.dll
2007-10-28 14:10 10,376,424 ----a-w C:\Program Files\res2D.dll
2007-10-28 14:10 1,074,408 ----a-w C:\Program Files\resTable.dll
2007-09-16 15:18 1,112 ---h--w C:\Documents and Settings\All Users\Application Data\rbrindisi-acopts.dat
2007-09-12 14:24 242 ---h--w C:\Documents and Settings\All Users\Application Data\acopts.dat
2007-03-01 18:42 202,280 ----a-w C:\Program Files\StmOCX.dll
2006-10-13 14:38 12,054 ----a-w C:\Program Files\eula.txt
2003-06-02 05:24 53,248 ----a-w C:\Program Files\zlib.dll
2003-05-30 07:55 163,840 ----a-w C:\Program Files\UBSoftUpdate.exe
2002-07-26 21:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-02-01 05:27 679,936 ----a-w C:\Program Files\libeay32.dll
2002-02-01 05:27 147,456 ----a-w C:\Program Files\ssleay32.dll
2001-12-18 23:09 7,398 ----a-w C:\Program Files\ubcustom.ico
2001-12-18 23:09 27 ----a-w C:\Program Files\Product.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB425ECD-A4B6-4E21-8935-4EEF224DEF4D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0EFF522-9FBF-4C15-980E-D66224406DC0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 18:54 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 02:05 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-09-29 17:12 976085]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58 65536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-09-29 17:12 118784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"@"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\rbrindisi\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-05-14 17:48:37 1445904]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-09-25 20:25:15 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoPrinters"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
xxyvurs.dll

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 07:00]
R2 Virtual Server;Virtual Server;"C:\Program Files\Microsoft Virtual Server\vssrvc.exe" [2007-05-24 13:36]
R3 vhdbus;Microsoft Virtual Server Storage Bus;C:\WINDOWS\system32\DRIVERS\vhdbus.sys [2007-05-05 04:25]
R3 vmh;Virtual Machine Helper;"C:\Program Files\Microsoft Virtual Server\vmh.exe" [2007-05-24 13:36]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05fc55c3-c6be-11dc-b89d-001731958718}]
\Shell\AutoRun\command - I:\Launch.exe /run

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 13:30:00 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 21:37:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-02-06 21:39:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 02:39:39
.
2008-01-24 22:10:47 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:55 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Virtual Server\vmh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158285914687
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12875 bytes

#10 MoNsTeReNeRgY22

Posted 08 February 2008 - 09:13 PM

Hello again,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Step 1
Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Step 2
Download rustbfix from here and save it to your desktop.
Double click on rustbfix.exe to run the tool.
If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer.
The reboot will probably take quite a while, and perhaps 2 reboots will be needed.
But this will happen automatically.
After the reboot 2 logfiles will open (C:\avenger.txt & C:\rustbfix\pelog.txt).
Post the content of these logfiles along with a new HijackThis log.

Step 3
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\fak32.sys
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\nnaurdmi.dll
C:\WINDOWS\system32\lsjagwqa.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\lcyjcirp.tmp

Driver::
fak32

DirLook::
C:\WINDOWS\rnapxs

FileLook::
C:\WINDOWS\BM5f5b9262.xml

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB425ECD-A4B6-4E21-8935-4EEF224DEF4D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0EFF522-9FBF-4C15-980E-D66224406DC0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Image: animation of CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Step 4
Click on the Start button, then click Search
  • Click All Files and Folders
  • Click Advanced Options, put a check next to the following:
      • Search System Folders
      • Search Hidden Files And Folders
      • Search Subfolders
Now in the Search box, please copy/paste the following into it (one at a time):

xxyvurs.dll

If they are found, please make sure to delete them.

If you have any errors with the manual deletions please let me know.

Step 5
Please post the following in your next reply
  • avenger.txt
  • pelog.txt
  • Combofix.txt
  • Fresh HJT log
  • Update on how everything is running
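
An added example, not part of the original post and not ComboFix's own code: a Python check that compares the CFScript above with a ComboFix report and lists which File:: targets the report shows as deleted. It assumes File:: entries are deletion targets and DirLook::/FileLook:: entries are inspect-only; the report text is a constructed excerpt in the banner format ComboFix writes, and all function names are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")           # e.g. "File::"
BANNER_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")  # "((( Title )))"
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")               # path at end of a line

# Script body as given in the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\drivers\fak32.sys
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\nnaurdmi.dll
C:\WINDOWS\system32\lsjagwqa.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\lcyjcirp.tmp

Driver::
fak32

DirLook::
C:\WINDOWS\rnapxs

FileLook::
C:\WINDOWS\BM5f5b9262.xml

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB425ECD-A4B6-4E21-8935-4EEF224DEF4D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0EFF522-9FBF-4C15-980E-D66224406DC0}]
"""

# Constructed report excerpt (the user name in the first path is a placeholder).
REPORT = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
C:\Documents and Settings\user\Application Data\inst.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\fak32.sys
C:\WINDOWS\system32\lcyjcirp.tmp
C:\WINDOWS\system32\lsjagwqa.ini
C:\WINDOWS\system32\nnaurdmi.dll
C:\WINDOWS\system32\tmp.reg
.
((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))
.
2008-01-29 12:13 . 2008-02-01 15:22 13,353 --a------ C:\WINDOWS\BM5f5b9262.xml
2008-01-27 17:15 . 2008-01-27 17:15 542,582 --a------ C:\Autoruns.zip
2008-01-14 22:15 . 2008-01-15 13:08 <DIR> d-------- C:\WINDOWS\rnapxs
"""


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript body."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_report(text):
    """Split a report on its parenthesis banners; skip '.' separator lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = BANNER_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def paths_in(lines):
    """Lower-cased Windows paths (NTFS names are case-insensitive)."""
    return {m.group(0).lower() for m in map(PATH_RE.search, lines) if m}


def check_run(script_text, report_text):
    """Compare what the script asked for with what the report records."""
    script = parse_cfscript(script_text)
    report = parse_report(report_text)
    targets = {p.lower() for p in script.get("File", [])}
    looked = {p.lower() for key in ("DirLook", "FileLook")
              for p in script.get(key, [])}
    deleted = paths_in(report.get("Other Deletions", []))
    created = set()
    for title, lines in report.items():
        if title.startswith("Files Created"):
            created |= paths_in(lines)
    return {
        "confirmed": sorted(targets & deleted),        # requested and deleted
        "not_reported": sorted(targets - deleted),     # needs a follow-up look
        "extra_deletions": sorted(deleted - targets),  # removed by the tool itself
        "look_targets_present": sorted(looked & created),
    }


if __name__ == "__main__":
    for key, values in check_run(CFSCRIPT, REPORT).items():
        print(key, values)
```

A target under `not_reported` only means the report does not list it as deleted; it may have been absent already, so it still needs a manual check.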




#11 rbrindisi

Posted 10 February 2008 - 03:16 PM

Here are the logs and some observations. During the Rustock.b-fix the system did not reboot. However, my Norton360 processed the Trojan.Vundo virus and required a reboot. Since running the ComboFix my browser has not been redirected. Hope this helps and thank you for your help.


************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
Sat 02/09/2008 22:46:42.20

No Rustock.b-rootkits found

******************************* End of Logfile ********************************


ComboFix 08-02.05.3 - rbrindisi 2008-02-10 11:33:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1443 [GMT -5:00]
Running from: C:\Documents and Settings\rbrindisi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rbrindisi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\fak32.sys
C:\WINDOWS\system32\lcyjcirp.tmp
C:\WINDOWS\system32\lsjagwqa.ini
C:\WINDOWS\system32\nnaurdmi.dll
C:\WINDOWS\system32\tmp.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\rbrindisi\Application Data\inst.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\fak32.sys
C:\WINDOWS\system32\lcyjcirp.tmp
C:\WINDOWS\system32\lsjagwqa.ini
C:\WINDOWS\system32\nnaurdmi.dll
C:\WINDOWS\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-09 22:46 . 2008-02-09 22:46 <DIR> d-------- C:\Rustbfix
2008-02-09 21:13 . 2008-02-09 21:13 28 --a------ C:\WINDOWS\v2d.INI
2008-02-09 15:09 . 2008-02-09 15:09 <DIR> d-------- C:\v2d
2008-02-09 15:09 . 2008-02-09 20:33 <DIR> d-------- C:\Program Files\Total Video2DVD Author
2008-02-09 14:51 . 2008-02-09 16:00 <DIR> d-------- C:\Program Files\VSO
2008-02-09 14:51 . 2008-02-09 16:00 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\Vso
2008-02-09 14:51 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-09 14:51 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-09 14:51 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-09 14:51 . 2008-02-09 14:51 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-09 14:51 . 2008-02-09 16:00 47,360 --a------ C:\Documents and Settings\rbrindisi\Application Data\pcouffin.sys
2008-02-09 13:27 . 2008-02-09 13:27 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\Media Player Classic
2008-02-09 13:25 . 2008-02-09 13:25 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-02-09 13:13 . 2008-02-09 13:13 <DIR> d-------- C:\Program Files\Orban
2008-02-07 21:58 . 2008-02-07 21:58 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2008-02-07 21:58 . 2008-02-07 21:58 19,353 --a------ C:\WINDOWS\system32\ASTULog.cab
2008-02-07 21:58 . 2008-02-07 21:58 1,043 --a------ C:\WINDOWS\system32\setup.inf
2008-02-07 21:58 . 2008-02-07 21:58 283 --a------ C:\WINDOWS\system32\setup.rpt
2008-02-02 12:56 . 2008-02-02 13:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-02 12:56 . 2008-02-02 13:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-02 12:56 . 2008-02-02 13:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-02 12:55 . 2008-02-02 12:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-01 20:19 . 2008-02-01 20:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-01 20:19 . 2008-02-01 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-29 15:36 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-29 15:36 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-29 15:36 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-29 12:13 . 2008-02-01 15:22 13,353 --a------ C:\WINDOWS\BM5f5b9262.xml
2008-01-27 17:15 . 2008-01-27 17:15 542,582 --a------ C:\Autoruns.zip
2008-01-27 14:08 . 2008-01-27 14:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-27 14:08 . 2008-01-27 14:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 14:08 . 2008-01-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 13:31 . 2008-01-27 13:31 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-01-27 13:29 . 2008-01-27 13:29 <DIR> d-------- C:\Program Files\RogueRemover
2008-01-27 13:19 . 2008-01-27 13:19 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\Lavasoft
2008-01-26 12:17 . 2008-01-26 19:45 <DIR> d-------- C:\Program Files\Norton 360
2008-01-26 12:16 . 2008-01-26 13:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-26 12:16 . 2008-01-26 13:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-26 12:16 . 2008-01-26 13:05 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-26 12:16 . 2008-01-26 13:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-26 11:54 . 2008-01-26 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-25 18:23 . 2008-01-25 18:26 <DIR> d-------- C:\Program Files\PowerISO
2008-01-24 22:54 . 2008-01-24 22:54 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\Ethereal
2008-01-24 22:38 . 2008-01-24 22:38 <DIR> d-------- C:\Program Files\Ethereal
2008-01-23 20:05 . 2008-01-23 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipEC
2008-01-23 20:04 . 2008-01-27 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-23 20:02 . 2008-01-25 18:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 18:12 . 2008-01-23 18:12 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-01-23 00:11 . 2008-01-23 00:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-23 00:11 . 2008-01-23 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-22 22:34 . 2008-01-25 19:52 <DIR> d-------- C:\Program Files\DNA
2008-01-22 22:34 . 2008-01-22 22:34 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-22 22:34 . 2008-01-25 19:49 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\DNA
2008-01-22 22:34 . 2008-02-09 13:27 <DIR> d-------- C:\Documents and Settings\rbrindisi\Application Data\BitTorrent
2008-01-21 20:46 . 2008-01-21 20:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-21 20:46 . 2008-01-21 20:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_vhdbus_01005.Wdf
2008-01-21 20:44 . 2008-01-21 20:46 <DIR> d-------- C:\Program Files\Microsoft Virtual Server
2008-01-21 16:10 . 2008-01-21 16:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-20 02:07 . 2008-01-20 02:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-14 22:35 . 2008-01-15 09:47 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-01-14 22:16 . 2008-01-14 22:16 189 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
2008-01-14 22:15 . 2008-01-15 13:08 <DIR> d-------- C:\WINDOWS\rnapxs
2008-01-11 21:47 . 2008-01-11 21:47 <DIR> d-------- C:\WINDOWS\system32\runtime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 03:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-09 21:12 1,000 ----a-w C:\Program Files\UltimateBet.dat
2008-02-09 21:02 --------- d-----w C:\Program Files\Update
2008-02-06 03:50 --------- d-----w C:\Program Files\Enigma Software Group
2008-01-26 19:16 --------- d-----w C:\Documents and Settings\rbrindisi\Application Data\Symantec
2008-01-26 18:05 --------- d-----w C:\Program Files\Symantec
2008-01-23 05:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 00:41 --------- d-----w C:\Program Files\Quicken
2008-01-22 00:51 --------- d-----w C:\Program Files\Transcender
2008-01-21 21:08 --------- d-----w C:\Program Files\STOPzilla!
2008-01-21 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-21 04:14 --------- d-----w C:\Program Files\Avery Wizard 3.0
2008-01-19 02:07 82,505 ----a-w C:\Program Files\INSTALL.LOG
2008-01-17 01:03 --------- d-----w C:\Program Files\Google
2008-01-16 15:45 3,667,272 ----a-w C:\Program Files\UltimateBet.exe
2008-01-16 15:45 2,012,392 ----a-w C:\Program Files\resLobby.dll
2008-01-15 14:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-15 03:03 --------- d-----w C:\Documents and Settings\rbrindisi\Application Data\GetRightToGo
2008-01-05 04:36 --------- d-----w C:\Program Files\Apperson
2007-12-29 04:15 --------- d-----w C:\Program Files\MSECache
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-30 15:02 1,582,312 ----a-w C:\Program Files\resSplash.dll
2007-11-16 00:11 659,456 ----a-w C:\WINDOWS\system32\KUserService.dll
2007-11-16 00:11 57,344 ----a-w C:\WINDOWS\system32\KWebFarm.dll
2007-11-16 00:11 495,616 ----a-w C:\WINDOWS\system32\KDataService.dll
2007-11-16 00:11 45,056 ----a-w C:\WINDOWS\system32\KCommon.dll
2007-11-16 00:11 32,768 ----a-w C:\WINDOWS\system32\webCryption.dll
2007-11-16 00:11 24,576 ----a-w C:\WINDOWS\system32\msxml3a.dll
2007-11-16 00:11 24,576 ----a-w C:\WINDOWS\system32\IKUserInterface.dll
2007-11-16 00:11 24,576 ----a-w C:\WINDOWS\system32\IKDataInterface.dll
2007-11-16 00:11 20,480 ----a-w C:\WINDOWS\system32\IKLiveInterface.dll
2007-11-16 00:11 20,480 ----a-w C:\WINDOWS\system32\IKCryptionInterface.dll
2007-11-16 00:11 20,480 ----a-w C:\WINDOWS\system32\IKBusinessInterface.dll
2007-11-16 00:11 193,784 ----a-w C:\WINDOWS\system32\HttpX.dll
2007-11-16 00:11 172,032 ----a-w C:\WINDOWS\system32\KBusinessService.dll
2007-10-28 14:10 632,040 ----a-w C:\Program Files\resMiniBar.dll
2007-10-28 14:10 537,832 ----a-w C:\Program Files\resGames.dll
2007-10-28 14:10 3,622,120 ----a-w C:\Program Files\resBJ.dll
2007-10-28 14:10 10,376,424 ----a-w C:\Program Files\res2D.dll
2007-10-28 14:10 1,074,408 ----a-w C:\Program Files\resTable.dll
2007-09-16 15:18 1,112 ---h--w C:\Documents and Settings\All Users\Application Data\rbrindisi-acopts.dat
2007-09-12 14:24 242 ---h--w C:\Documents and Settings\All Users\Application Data\acopts.dat
2007-03-01 18:42 202,280 ----a-w C:\Program Files\StmOCX.dll
2006-10-13 14:38 12,054 ----a-w C:\Program Files\eula.txt
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2003-06-02 05:24 53,248 ----a-w C:\Program Files\zlib.dll
2003-05-30 07:55 163,840 ----a-w C:\Program Files\UBSoftUpdate.exe
2002-07-26 21:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-02-01 05:27 679,936 ----a-w C:\Program Files\libeay32.dll
2002-02-01 05:27 147,456 ----a-w C:\Program Files\ssleay32.dll
2001-12-18 23:09 7,398 ----a-w C:\Program Files\ubcustom.ico
2001-12-18 23:09 27 ----a-w C:\Program Files\Product.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

- Not a PE file.

---- Directory of C:\WINDOWS\rnapxs ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 18:54 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 02:05 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-09-29 17:12 976085]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58 65536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-09-29 17:12 118784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\rbrindisi\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-05-14 17:48:37 1445904]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-09-25 20:25:15 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoPrinters"= 0 (0x0)

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 07:00]
R2 Virtual Server;Virtual Server;"C:\Program Files\Microsoft Virtual Server\vssrvc.exe" [2007-05-24 13:36]
R3 vhdbus;Microsoft Virtual Server Storage Bus;C:\WINDOWS\system32\DRIVERS\vhdbus.sys [2007-05-05 04:25]
R3 vmh;Virtual Machine Helper;"C:\Program Files\Microsoft Virtual Server\vmh.exe" [2007-05-24 13:36]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05fc55c3-c6be-11dc-b89d-001731958718}]
\Shell\AutoRun\command - I:\Launch.exe /run

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 14:20:29 C:\WINDOWS\Tasks\MyDocsBak.job"
- C:\WINDOWS\system32\ntbackup.exeHbackup
"2008-02-08 13:30:00 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 11:35:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-10 11:35:53
ComboFix-quarantined-files.txt 2008-02-10 16:35:51
ComboFix2.txt 2008-02-07 02:39:42
.
2008-01-24 22:10:47 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:44 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Virtual Server\vmh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158285914687
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12673 bytes

#12 rbrindisi

Posted 10 February 2008 - 03:18 PM

ALSO, No xxyvurs.dll was found during the search.

#13 MoNsTeReNeRgY22

Posted 10 February 2008 - 03:41 PM

Accidental Post

Edited by MoNsTeReNeRgY22, 10 February 2008 - 03:42 PM.




#14 MoNsTeReNeRgY22

Posted 12 February 2008 - 10:14 AM

Hello again,

Sorry for the delay.

Step 1
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\WINDOWS\rnapxs

Step 2
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step 3
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




#15 rbrindisi

Posted 12 February 2008 - 09:24 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 12, 2008 9:14:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/02/2008
Kaspersky Anti-Virus database records: 560524
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 93021
Number of viruses found: 13
Number of infected objects: 54
Number of suspicious objects: 0
Duration of the scan process: 01:17:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94b5f28809eb07cb500c5a7ccff80739_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94f47c61b0d265c59b1b24437e2a25f2_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96a4babb5c0673648ac83af567dc8356_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96bd76470d4ee65c8cb3b3be2289feb2_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\979fccabc9b63cd8b08fe19a49aa94f5_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\988af5bbf9f806f0a348046d48c74395_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98ae073b41e81e469441c4d6a43b7e45_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a034d6f3605517c858a66862c52f5b8_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a725716d5776a735b8f3d9379930932_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ad7cddbc6fb886b70feafdbe69d2128_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0aac0884ffc82cbcc65fcc27f400781_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a326be904faaab5c1e20c28501956931_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3be998a91da7a11d536a297fd6f9262_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3d8331a7d48a8dd8af90949f1a4166d_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a459e7ba7461adb1f17f85875b7c6c66_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a541d37fd9f6920496684354e3fca4e7_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a5457bcf610248ba9251194533eb6918_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a78babe8ca8b5197e5763a66fc612d28_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7ac496e89c2e153c46a110918fa3afb_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a7f99fc31a35e00e96d9544a7a7afc6f_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a836005c13136bae5a34aa30fa594bda_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a87b49c41c2b5334c5bc420e4df282b4_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8a9c7d50cc320b2f37cb1f9d9008d87_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8febf669bdc9d29ef829b917c49a126_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa6c93476fb3b4f535eca47031e0c40b_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab5d14d1e57bcaab4f20bca8234afb27_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aed3aa2b0e2fc8fba775fa3bc9f56809_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aee4549d27647630214df0f75b4af01c_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0dc4b746e91bffebcaf64597d566bde_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2f3bb0f11ea0e9e69cecda1bb59833b_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b367ef21c62203b733d19f5ce9c8091a_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b45d6323aa26448b834f5148b0f5ea99_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b48f16121e521d8d5cc3723c61dc28b3_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5f61b25051d3c9c7791dc3e709c12a7_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7046e957d6471bd84964ec0758e84cc_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b74029fd4484388945db9fcd0feeda82_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb106bfd6a2bc153385abd379625661e_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb6a452c42701f792d70d80f0dde70d3_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c382a29aa6b9844969e55f3a54831cc2_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c78809ce9d360e13f3e631501c996a4d_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca4cec51f05eba350359d8225a382a68_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc073d1513988479bbe5b57750fe9e50_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cda5cd726893ae336a779bb3e02edd63_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d142162830c98530e6d6845c2b8610e0_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1a8e422c024775676da35779366ec65_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1c131d5b1c06b4b2956432632b60803_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d351a08e9579784578e315b8c36b2591_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d38f86250ecefcdee73a3584a1cb1984_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d438e3318cc777694eb8c61cc2557b8c_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4e6a78541d83330625954bc49b8bd41_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d7f0bf1ae88e89da2742359f62e16da3_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbf594d1276089fe4df85fc788c53589_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfff6603ea388e094050eddd928549b6_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e01cf4a20646dc0cf7bf2e752bb2017b_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0df854c051d7206f5886b5aed487d23_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3b35b0199696e79609138b0c4487b8a_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4bbdefcea5321476cdd14b177ba8ccc_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e54a5167a297f7d705d98cfba78549cc_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e78eeb215236ded27632143e6d2f8bdb_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eab472ce2abf9fda7f3bde0b3c0a2027_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec7a91cfb274c3330aa4092f62015888_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee22690ac652fcb39d6de619b351776f_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eeb3e33380bd89f67356f01536f7ce9e_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eece0bfcdac2f168884fc2e1f59fb073_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f02405d8c4385acda0ea164b3a5c4ee0_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f440e9fc582e19868ebdc7486df08232_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4b193a08e3d10cff755cbb4b082f215_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f69627af0e77b3439a0f0072322058aa_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f73d0e8bd137a0b1648647e822e55db8_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f81e79159b8a5de153075b12add2015f_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f86c9ecd2939f6b27918ba6d236d852a_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f95b4bbb2c8b260501c62aa5865a28b1_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f970a88f23d8e27e7c92afaba33a55d3_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f976e394e3af6ebf96e4d83fb494ea97_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb9feab0f28e561c63eba8cb1c8146bb_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fcc2c12fcba28f5db00ac89ef76ec00e_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd20f8a10079d02ad22571fdfbb8fc05_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd225073a14825e62310eb6c5b379106_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd9f5b46a54140eeddbac9768f268144_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff1b032b89834e23d5d86cfccdc65b48_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff647ed4285972225daf3bc1305df302_0cf233ec-599c-4ab9-aecc-76ffe5bfbf09 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Virtual Machine Helper\NETWORK SERVICE Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Virtual Server\Options.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-12_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DEF4F6BC.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\rbrindisi\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\rbrindisi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\History\History.IE5\MSHist012008021220080213\index.dat Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\temp\~DF5DEA.tmp Object is locked skipped
C:\Documents and Settings\rbrindisi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\Smithfraud\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip/WinZip 1.1.1 Professional !!.EXE/data0000.cab/rBot.exe Infected: Backdoor.Win32.Agobot.aoz skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip/WinZip 1.1.1 Professional !!.EXE/data0000.cab Infected: Backdoor.Win32.Agobot.aoz skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip/WinZip 1.1.1 Professional !!.EXE Infected: Backdoor.Win32.Agobot.aoz skipped
C:\Documents and Settings\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip ZIP: infected - 3 skipped
C:\Documents and Settings\rbrindisi\My Documents\Software\SentryPCFULL.exe/spcchat.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
C:\Documents and Settings\rbrindisi\My Documents\Software\SentryPCFULL.exe/NoStealth.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
C:\Documents and Settings\rbrindisi\My Documents\Software\SentryPCFULL.exe Vise: infected - 2 skipped
C:\Documents and Settings\rbrindisi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\rbrindisi\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bhsgotsj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\puhrmwwi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\redmhavi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vglhpqpu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-06_213708.17.zip/jkkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edx skipped
C:\QooBox\Quarantine\catchme2008-02-06_213708.17.zip ZIP: infected - 1 skipped
C:\RECYCLER\NPROTECT\00232927 Object is locked skipped
C:\RECYCLER\NPROTECT\00232928 Object is locked skipped
C:\RECYCLER\NPROTECT\00233112 Object is locked skipped
C:\RECYCLER\NPROTECT\00233113 Object is locked skipped
C:\RECYCLER\NPROTECT\00233174.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\RECYCLER\NPROTECT\00233176.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\RECYCLER\NPROTECT\00233335 Object is locked skipped
C:\RECYCLER\NPROTECT\00233336 Object is locked skipped
C:\RECYCLER\NPROTECT\00234506 Object is locked skipped
C:\RECYCLER\NPROTECT\00234507 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP11\change.log Object is locked skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000081.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000082.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000083.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000084.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000085.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edz skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000086.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000087.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000088.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edz skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP2\A0000089.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000226.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edw skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000227.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000228.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000229.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000230.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000231.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000232.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000233.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000234.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000235.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP5\A0000258.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edx skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP9\A0000548.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CB297E7E-69C2-4717-924C-2BDDC5C6E423}\RP9\A0000568.sys Infected: Trojan-Clicker.Win32.Costrat.de skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B31FC9FD-C34A-472F-8640-214DE93A7DA1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\VSEvents.evt Object is locked skipped
C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\JET7257.tmp Object is locked skipped
C:\WINDOWS\TEMP\JET7814.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\MyDocs\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip/WinZip 1.1.1 Professional !!.EXE/data0000.cab/rBot.exe Infected: Backdoor.Win32.Agobot.aoz skipped
D:\MyDocs\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip/WinZip 1.1.1 Professional !!.EXE/data0000.cab Infected: Backdoor.Win32.Agobot.aoz skipped
D:\MyDocs\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip/WinZip 1.1.1 Professional !!.EXE Infected: Backdoor.Win32.Agobot.aoz skipped
D:\MyDocs\rbrindisi\My Documents\Downloads\WinZip 1.1.1 Professional !!.zip ZIP: infected - 3 skipped
D:\MyDocs\rbrindisi\My Documents\SentryPCFULL.exe/spcchat.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
D:\MyDocs\rbrindisi\My Documents\SentryPCFULL.exe/NoStealth.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
D:\MyDocs\rbrindisi\My Documents\SentryPCFULL.exe Vise: infected - 2 skipped
D:\MyDocs\rbrindisi\My Documents\Software\SentryPCFULL.exe/spcchat.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
D:\MyDocs\rbrindisi\My Documents\Software\SentryPCFULL.exe/NoStealth.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
D:\MyDocs\rbrindisi\My Documents\Software\SentryPCFULL.exe Vise: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.



