Epass-key.com, Waypointcash


  • This topic is locked
56 replies to this topic

#1 mistyroze

Posted 13 September 2006 - 02:52 AM

I apologize for writing in this forum, but I have been at this for days now and can't find a way to open a new topic. I have done everything asked in the new people's forum (Ad-Aware SE, Spybot, ZoneAlarm etc.) but am having trouble getting HijackThis to work. It downloads and unzips OK but then says error in downloading or disk error. I desperately need help with this. Please help.
This is my granny's computer, and my cousin has had these pop-ups for months and just exits them. I have been on the trademe computer message board trying to get rid of these porn, casino and game pop-ups, but it looks like these are firmly entrenched and I am way out of my league. They have directed me to you. The ZoneAlarm firewall is coming up every 2-5 minutes with warnings, but some are still getting through. Ad-Aware has removed a lot, but every time I go online there are more to remove. Any ideas will be gratefully received, thank you.



#2 rookie147

Posted 15 September 2006 - 02:55 PM

Hello mistyroze, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.

Click here to download HijackThis.
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Please post back with the HijackThis log,
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 mistyroze

Posted 16 September 2006 - 07:40 PM

Thank you for your help with this, hijack downloaded fine. Here we go.


Logfile of HijackThis v1.99.1
Scan saved at 12:34:35 p.m., on 17/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\rtwain.dll,_mainRD
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [fm2WfP] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K04W
}z[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K04W
}zigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K0@]"iC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1065.dll,InstantAccess
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD73AC51-0A52-455F-800B-4AA72DB951D5}: NameServer = 210.55.12.1 210.55.12.2
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 mistyroze

Posted 16 September 2006 - 08:26 PM

P.S. I am also getting pop-ups from fp-gad.com and winantivirus.com. Also, when I start the computer I am getting a warning message "Rundll" Error loading C:\windows\rtwain.dll "The specified module could not be found" "OK". Don't know if this is relevant or something entirely different. I have run Vundofix V6.15 and VirtumundoBeGone. They didn't find anything.

I also had trouble downloading the Panda scan, though it did find winantivirus then collapsed when I asked it to quarantine it. I have been unable to complete a full scan since it just stalls.

I see you are somewhere close to London, I myself have just returned to New Zealand after 10 years in London. Is that Fozzie bear? I'm from the Muppets era myself. Well, thanks again for your time Charles, please know I appreciate it from the bottom of my heart, this has been quite an experience and it's not over yet, hope I can complete your instructions and fix this bleeping computer. Terena X

Edited by mistyroze, 17 September 2006 - 02:11 AM.


#5 rookie147

Posted 17 September 2006 - 02:30 PM

Hey mistyroze, sorry for the delay in getting back to you.

======

I see you are somewhere close to London, I myself have just returned to New Zealand after 10 years in London.

Well, sort of. I live in Guildford, but since it's not a well-known city, I like to put "near London" instead; most people have no idea where it is. Whereabouts in London did you live?

Is that Fozzie bear? I'm from the Muppets era myself.

Yup, it's Fozzie Bear. I wouldn't say I'm from the 'muppets era' personally, I just think that everyone loves the muppets, and Fozzie Bear is my personal favourite. :thumbsup:

P.S. I am also getting pop-ups from fp-gad.com and winantivirus.com. Also, when I start the computer I am getting a warning message "Rundll" Error loading C:\windows\rtwain.dll "The specified module could not be found" "OK". Don't know if this is relevant or something entirely different.

This may be relevant, especially the pop-ups: they are definitely being caused by malware. We'll see if you still get the same error message after we've cleaned all that malware out, and if so, then we'll tackle it.

Let's get on with the fix!

======

Download Brute Force Uninstaller.
Unzip it to its own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download EGDACCESS Remover. Save it in the folder you made earlier (c:\BFU)

Start the Brute Force Uninstaller by double-clicking BFU.exe

In the scriptline to execute, copy and paste c:\bfu\EGDACCESS.bfu
Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

======

Update Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

    It should have this icon next to it: Posted Image
    Select it and click Remove.
  • The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
======

Open HijackThis
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

======

Please post back with a new HijackThis log, and the uninstall list.
Thanks,
Charles



#6 mistyroze

Posted 18 September 2006 - 04:38 AM

Charles


Before I got your reply I tried something else called (removeit_pro) and the pop-ups haven't come up since, so I thought it would be a good idea to send you another hijack this report. I have done everything you asked up to downloading the new Java, as it is going to take an hour and a half and I cannot do it till tomorrow now. Deodar from trademe sends his kind regards to you, he is the one who forwarded me to this forum.

I lived in North London, mainly Wembley and Willesden, but have lived all over. Used to look after the old people living alone in London. Now I live with my favourite old person...my gran. Aaah, isn't that nice..
Anyway, here is the new hijack just in case it changed anything, and I will get the updated Java tomorrow and post results as asked.

Logfile of HijackThis v1.99.1
Scan saved at 9:29:18 p.m., on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\rtwain.dll,_mainRD
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [fm2WfP] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K04W
}z[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K04W
}zigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K0@]"iC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD73AC51-0A52-455F-800B-4AA72DB951D5}: NameServer = 210.55.12.1 210.55.12.2
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#7 rookie147

Posted 18 September 2006 - 09:34 AM

Hey mistyroze!
I don't think that this program has made any difference to your log at all, but the BFU script I had you run definitely has.
Sorry about the Java download being so large, but I'm afraid it is very important that you have the latest version installed on your computer, as many pieces of malware will target an out-of-date Java.
Good luck with the rest of the steps, and I look forward to hearing your results :thumbsup:
Thanks,
Charles



#8 mistyroze

Posted 18 September 2006 - 07:00 PM

:thumbsup:


Right, here we go, hope I did it right


Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
avast! Antivirus
CardRd81
CCHelp
CCScore
CR2
EPSON Printer Software
ES C40 C20 Problem Solver
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
Hijackthis 1.99.1
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Instant Access
J2SE Runtime Environment 5.0 Update 8
Kodak EasyShare software
KSU
Macromedia Shockwave Player
MailSkinner
Messenger Plus! 3
Microsoft Data Access Components KB870669
Microsoft Works 7.0
MSN Messenger 7.0
Notifier
OTtBP
OTtBPSDK
Panda ActiveScan
PCDLNCH
QuickTime
RemoveIT Pro XT2 - SE
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SFR
SFR2
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VCAMCEN
VIA Rhine-Family Fast Ethernet Adapter
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
ZoneAlarm






Logfile of HijackThis v1.99.1
Scan saved at 11:57:55 a.m., on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\rtwain.dll,_mainRD
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [fm2WfP] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K04W
}z[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K04W
}zigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [K0@]"iC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD73AC51-0A52-455F-800B-4AA72DB951D5}: NameServer = 210.55.12.1 210.55.12.2
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Well, that's all Greek to me, my English friend, but hopefully you speaka da Greek.

Hear from you soon Terena X

#9 rookie147

Posted 19 September 2006 - 10:29 AM

Hey mistyroze, sorry for the delay in getting back to you.

======

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet).

======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

MailSkinner
Instant Access
MessengerPlus! 3

MessengerPlus! 3 comes with a built-in advertising Sponsor Program, and this is often installed without your consent. Therefore, I would recommend that you remove this application. If you really want to keep this program, please follow the following steps to just remove the sponsor program:
  • Go in Add/Remove Programs and double click on "Messenger Plus! Live & Sponsor" (or click on Remove)
  • The "Messenger Plus! Live - Uninstaller" is now displayed.
  • If Messenger Plus!'s sponsor is currently installed, two options are displayed: both of them will uninstall the sponsor, however, if you want to keep Messenger Plus! installed on your computer, choose the first option (the sponsor is never re-installed automatically under any circumstances). If you don't see options to uninstall the sponsor, it means that the ads you're experiencing are probably coming from another source than the Messenger Plus!'s sponsor.
  • Press "Next" or "Uninstall" depending on the option you chose (see above). If you chose to uninstall Messenger Plus! as well, another set of options will be displayed. These options are related to Messenger Plus! only and will not affect the uninstallation of the sponsor.
  • The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed.
  • To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important). When everything is complete, restart your computer and, voila!
======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\rtwain.dll,_mainRD
O4 - HKLM\..\Run: [fm2WfP] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [‰K04W
}z[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [‰K04W
}zžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [‰K0@]"‰žiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1065_XP.cab
O18 - Filter: text/html - (no CLSID) - (no file)


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Next, please find and delete the following files/folders (if present):

C:\Program Files\MessengerPlus <--This folder if you chose to completely remove MessengerPlus! 3.
C:\Program Files\MailSkinner <--This folder
C:\Program Files\Instant Access <--This folder
c:\windows\rtwain.dll <--This file
C:\WINDOWS\hptuhb.exe <--This file
C:\Program Files\ISTsvc <--This folder
C:\Program Files\RXToolBar <--This folder
======

Reboot into Normal Mode again.

======

Please post back with a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#10 mistyroze


Posted 20 September 2006 - 03:28 AM

:thumbsup:

Bleedin' norah, that was an experience, let me try and put this in greek for you.

Right, first I deleted Mailskinner. No problem. Then, deleting Messenger Plus! 3, I got this message..

The sponsor installation package has been corrupted! You are getting this message because some files were deleted either manually or by an automatic advertisement removal software thus preventing the real uninstallation program to do its job. Messenger plus! will try to repair some of the damage in order to uninstall the sponsor program properly. If this doesn't work try to reinstall Messenger plus! with the sponsor and launch this uninstaller again. All complaints should be sent to the automatic removal software that was used.

Then i got this

Avast warning. A trojan horse was found, there is no reason to panic though

File name: C:\Program files\C2Media\Setup.exe

Malware name: Win32:swizzor-gen [Trj]

Malware Type: Trojan horse

VPS Version: 0638-0, 19/09/2006

Available actions Move/Remove Delete Move to chest

Recommended action: move to chest


Then I got this

Zone alarm security alert

New Program Messenger Plus! is trying to access the trusted zone

Identification: Unknown signed

Application: Msg Plus.exe

Destination IP: 127.0.0.2:Port 1081


This is the programs first attempt to access the local network

Allow/Deny?




So....... I denied..... Then Avast above option moved to chest




Then i got this


Messenger plus Uninstall

Messenger plus successfully uninstalled from computer. Some files were locked and will be deleted next time the computer is restarted. Close

When I tried to uninstall Instant Access it tried to access the internet (after Messenger I wasn't sure whether to let it or not; I was offline anyway and it came up "can't find server"). This is the address it wanted to go to: http://scripts.downloadv3.com/cleaner/dialpassuninstall.exe


Then I restarted in safe mode and couldn't find Messenger, mailskinner, rtwain, hptuhb, istsuc and rxtoolbar.

Instant access came up and I deleted it.


Restarted and here is log.

Logfile of HijackThis v1.99.1
Scan saved at 7:52:54 p.m., on 20/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hope all is going well with you and with what I did. No apology necessary for time taken, I appreciate your help no matter how long it takes. Thanks again, Terena XXXX

#11 rookie147


Posted 22 September 2006 - 04:48 PM

Hiya Terena, sorry for the delay in getting back to you.

======

Can you do me another uninstall list please? Follow the instructions I gave last time if you're unsure.

======

Download Findlop by Metallica. Unzip it to your desktop.
Double click findlop.bat. It will open a notepad file.
Copy the content of that file and paste it here in your reply.

======

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
======

Please post back with the following (it may need more than one reply):
- New HijackThis log
- Findlop log
- Panda log
- New uninstall list

Thanks,
Charles



#12 mistyroze


Posted 23 September 2006 - 07:39 PM

Hi rookie, here's the hijack list


Logfile of HijackThis v1.99.1
Scan saved at 12:30:19 p.m., on 24/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD73AC51-0A52-455F-800B-4AA72DB951D5}: NameServer = 210.55.12.1 210.55.12.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe







uninstall list

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
avast! Antivirus
CardRd81
CCHelp
CCScore
CR2
EPSON Printer Software
ES C40 C20 Problem Solver
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
Hijackthis 1.99.1
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Image Resizer Powertoy for Windows XP
Instant Access
J2SE Runtime Environment 5.0 Update 8
Kodak EasyShare software
KSU
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Works 7.0
MSN Messenger 7.0
Notifier
OTtBP
OTtBPSDK
Panda ActiveScan
PCDLNCH
QuickTime
RemoveIT Pro XT2 - SE
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SFR
SFR2
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VCAMCEN
VIA Rhine-Family Fast Ethernet Adapter
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
ZoneAlarm

Nothing came up on notepad findlop and still having trouble downloading the pandascan. Avast recognized it as a virus/worm in C:\windows\system\activescan\SET4A.tmp Win32:CTX

After disabling Avast it still didn't make any difference. Will keep trying. Terena
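Added example (not part of the original posts, and not a HijackThis or BleepingComputer tool): a small Python parser that checks whether the entries listed for "Fix Checked" are still present in a later HijackThis log, and diffs the 20 and 24 September logs to show which entries changed. The sample strings are abbreviated excerpts of the logs posted in this thread; the function names and the identity rules (O4 autoruns matched by hive, key and value name; O16 by CLSID) are assumptions made for this sketch.

```python
import re
from typing import NamedTuple

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: hive, abbreviated key, [value name], then the command.
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] ")
# O16 (Downloaded Program Files) entries are identified by their CLSID.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


class Entry(NamedTuple):
    code: str   # section code such as "O4"
    ident: str  # normalised identity used for comparisons
    body: str   # text after the code, as it appeared in the log


def _ident(code: str, body: str) -> str:
    """Reduce an entry to the part that identifies it across scans."""
    if code == "O4":
        m = RUN_RE.match(body)
        if m:  # same autorun value even if the command line changed
            return f"{m['hive']}\\{m['key']}\\{m['name']}".lower()
    if code == "O16":
        m = CLSID_RE.search(body)
        if m:  # same control even if the download URL changed
            return m.group(0).lower()
    return " ".join(body.split()).lower()


def parse_log(text: str) -> list:
    """Return the R*/O* entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m["code"], m["body"]
            entries.append(Entry(code, _ident(code, body), body))
    return entries


def still_present(fix_list: str, log: str) -> list:
    """Entries of `log` that match something on the fix list."""
    wanted = {(e.code, e.ident) for e in parse_log(fix_list)}
    return [e for e in parse_log(log) if (e.code, e.ident) in wanted]


def diff_logs(old: str, new: str):
    """Return (added, removed) entries between two scans."""
    old_map = {(e.code, e.ident): e for e in parse_log(old)}
    new_map = {(e.code, e.ident): e for e in parse_log(new)}
    added = [e for k, e in new_map.items() if k not in old_map]
    removed = [e for k, e in old_map.items() if k not in new_map]
    return added, removed


# Excerpt of the entries the helper asked to have fixed (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\rtwain.dll,_mainRD
O4 - HKLM\..\Run: [fm2WfP] C:\WINDOWS\hptuhb.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4...ss4_1064_XP.cab
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Abbreviated excerpt of the log saved on 20/09/2006.
LOG_20_SEP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Same excerpt from the log saved on 24/09/2006, which carries one extra line.
LOG_24_SEP = LOG_20_SEP + (
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{DD73AC51-0A52-455F-800B-4AA72DB951D5}: "
    "NameServer = 210.55.12.1 210.55.12.2\n"
)

if __name__ == "__main__":
    print("fix-list entries still present:", still_present(FIX_LIST, LOG_20_SEP))
    added, removed = diff_logs(LOG_20_SEP, LOG_24_SEP)
    for e in added:
        print("new since last scan:", e.code, "-", e.body)
    for e in removed:
        print("gone since last scan:", e.code, "-", e.body)
```

The diff only reports that an entry appeared or disappeared between scans; whether a new line such as the O17 NameServer setting is expected still has to be judged by whoever reads the log.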

#13 rookie147


Posted 24 September 2006 - 04:32 AM

Hey mistyroze, sorry for the delay in getting back to you.

======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Instant Access

Remember that this may require you to reboot your computer to complete the uninstallation- just let it.

======

Try to run FindLop again, but make sure that you extracted it first, as this may cause it not to work.

======

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
======

Please post back with the Kaspersky report, and the FindLop log.
Thanks,
Charles

Edited by rookie147, 24 September 2006 - 04:44 AM.



#14 mistyroze


Posted 24 September 2006 - 06:48 PM

Hiya, hope all is well.



First, Instant Access was not listed in programs.

Findlop: zipped or unzipped, I get a black window notepad and a white notepad which says:

[create] enumerating jobs in queues

then they just sit there doing nothing. ???

The scan results

KASPERSKY ONLINE SCANNER REPORT
Monday, September 25, 2006 11:35:12 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/09/2006
Kaspersky Anti-Virus database records: 226126


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 45357
Number of viruses found 2
Number of infected objects 5 / 0
Number of suspicious objects 0
Duration of the scan process 00:42:04

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped


C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\8f186efbaa201a4a123b46bdb1cfe2e7_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9015a8381b21e96af0ff4ea5ead3a2c0_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\91bb3c1a2c4fcbfb875ae259bb1f4845_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\929996f90c9b82dabdbe90543a8edcea_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\965c9f7b1feb11cc8072d0daa3303537_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\97d4d62c6dda3f4d134481a915cc6592_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\98821774a98c3b935226ae13c96f46b9_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\99e51a4781c3b0237dfa3b39d510e80c_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a5f5f3ffa34fadb59491a9346afb114_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\9a65896c57ccb62ef97b58fb52b804c0_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a25a3f60985c92817d51c3db5a67399d_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a39f1aeb43962535391d0e7202b25c6b_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a53e629aa88d97b5cd7e5927ec3d95c7_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\a728170c1546d1c04c22b24c7b8ab2b0_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aacefd1c7df2ec6a71eb66bf4d5c2561_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac29a44abae055a8d994a438ec8e73f0_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ac51dfdb61d7beb01ea0b2325a7dd358_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad613f8b2822e3241c6ba8f9fefb43d6_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aee03caaaa9913c99a7f5ee74b8618b6_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\afbbe06f65f51b5355b84f32306eb23e_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\aff6f1b517424886c64ac639746b705b_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b19d189fb1f5012bb4035c09028bbe06_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b26cbd68d3e64ebdde19b26071124fe1_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b672037e469f88fc5f4b3cc22b6dab4f_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8b3eb8faae030583d50e2a82662ce61_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba91bd31096214af28c155fd2b7cf167_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc81a886982bb0d8887a142533f9874c_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bdd7877536956e489fbd8533114662a1_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bfb2a1bd9c551c017cb75fd9a39f7dd3_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bfe694f6295d5443a1a6abca92601576_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\bffda8480bc32eae07e1d4ca3dfa57f0_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c10a4156151139f88b2ef0645d1987df_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1c5f57ec5d01b655cf47b285e7b788e_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c577088af7194803a2f3e21c41874e55_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6eede6566f63110806cfaed103dfa5c_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\c96cfec02d045ac5de067a1474c3e890_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd0a5412f2596c3a760de9752105b089_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd3e0ded7442815ea016e434ee162a78_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d158f15b9526c430257bc48755be0839_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3004de18e73069d7fa9f21e003eeb7c_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4e64a01f677c716ce1cace9b8aa6a64_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d55b0837c8813b489e5d4f9b7887d634_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\d777cd4c30b50a02df3b74e7b8fc6166_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\da7ce89d82b67e978a3d28d8427e7681_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc580364af246d819f6c91831832c5f8_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\deb98b0cf846e983fe0bc90939b78ba8_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e23837be583652981dc877452786bdae_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2e1110e8240ea00b46a2a4f2b5df03b_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec5f533de6a2a8c13dc7d4ab090e09ca_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed9924c95234ca52df7e30e24d96a4ec_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\edfa7fca5c9f53dde0fb38a4b12e13b6_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee5a7fa51f001caf970338a11ed3cb2d_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee669aeceba0bcc349a7dcc3eec82172_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\efe0834ca3aa61f5967f6ef920b73124_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f67a4d4715af92297f3f370c68639b0c_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f78a4352007d488d744a6d3b8a8c27f6_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8a11fd6293a18060426a03b2e10398a_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8a1fede868b7b58ba9df4359fa31e66_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8e5f66262e793046189fd92471c24c0_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb85d512df71b3e6aa71915f10d80b66_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff11b88d03867be2bc86906cbe7ddc82_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff42b9a06b300aa0ecde5770dbebdff3_adfe4ea2-fd1d-4981-a56e-a172a6c70a8a Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\Calgary 3 Teen Lesbians.mpeg Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\gaping pussy & rim job.wmv Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\ghetto bleepes (1).mpg Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\Girls gone wild - video 4.wmv Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\Huge Tits Bouncing Sex.mpeg Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\Jenna Jameson (Boat sex).avi Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\Jenna Jameson - Virtual Sex_3.mpg Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\mo_ass (1).mpg Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\teen sex squirter masterbation ejaculation (1).avi Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\teen_sex_LOLITAS_Bobbi Anal Swallow _2.mpg Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\Thumbs.db Object is locked skipped

C:\Documents and Settings\david gibb\My Documents\My Videos\New Folder\XXExtremly Big Pussy XXXX.mpe Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\004.mpeg Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\2.mpeg Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\4.mpeg Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\group_3.wmv Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\kj.mpeg Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\kojm.wmv Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\sara.wmv Object is locked skipped

C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\Thumbs.db Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Terena\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Terena\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Terena\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Terena\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Terena\Local Settings\Temp\Temporary Internet Files\Content.IE5\TITMYI7I\egaccess4_1064_XP[1].cab/egaccess4_1064.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.aa skipped

C:\Documents and Settings\Terena\Local Settings\Temp\Temporary Internet Files\Content.IE5\TITMYI7I\egaccess4_1064_XP[1].cab CAB: infected - 1 skipped

C:\Documents and Settings\Terena\Local Settings\Temp\~DF820B.tmp Object is locked skipped

C:\Documents and Settings\Terena\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Terena\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Terena\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\HijackThis\backups\backup-20060920-193010-155.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.aa skipped

C:\Program Files\HijackThis\backups\backup-20060920-193011-787.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.x skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\DAVID-BB8OD69U2.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\ModemLog_Lucent Win Modem.txt Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\EGACCESS.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.x skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT02128.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT03c12.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


:thumbsup:

#15 rookie147

Posted 27 September 2006 - 10:39 AM

Hey mistyroze, I'm really sorry for the delay in getting back to you.

======

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet).

======

The FindLOP log is just what I wanted to hear: you are free from a LOP infection that I thought may be hiding from us.

======

Please download ATF Cleaner by Atribune.
Don't run it yet!

======

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update successful message.
    Note: If the Update now option is grayed out, follow the steps below.
  • Click on Update on the toolbar.
  • Under Manual update, click on the Start Update button.
  • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

======

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
======

Now we'll run the ATF Cleaner I had you download earlier. Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

======

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
======

Next, please find and delete the following files/folders (if present):

C:\WINDOWS\system32\EGACCESS.dll <--This file

======

Reboot into Normal Mode again.

======

I see from your KAV log that there is another user account present. There may be some settings unique to that account that have been affected by this malware. If possible, please post a HijackThis log while logged into the other account and let me know if there are any others.

======

Please post back with the following (you may need more than one reply):
- New HijackThis log
- If possible, a log from the other account
- Ewido log

Thanks, and once again, I apologise for the delay.
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
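A sketch of the triage the reply above does by eye on the KAV log (pick out the detections and the profile folders the log mentions), as an added example that is not part of the original posts. The line format is inferred from the lines in this thread, the sample lines are copied from the log above, and the function names and the list of built-in profile folders are assumptions.

```python
import re
from collections import defaultdict

# Each report line is "<path> <status> skipped" with no delimiter, so the
# status is matched at the end of the line. The three status shapes below are
# the ones that appear in the log in this thread (inferred, not a KAV spec).
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<threat>\S+)"
    r"|(?P<kind>[A-Z0-9]+): infected - (?P<count>\d+)"
    r") skipped$"
)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\")
# Assumption: profile folders that belong to Windows itself, not to a person.
BUILTIN_PROFILES = {"All Users", "Default User", "LocalService", "NetworkService"}

# Shortened sample: lines copied from the log posted above.
SAMPLE = r"""
C:\Documents and Settings\david gibb.DAVID-BB8OD69U2\My Documents\New Folder\Thumbs.db Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Terena\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Terena\Local Settings\Temp\Temporary Internet Files\Content.IE5\TITMYI7I\egaccess4_1064_XP[1].cab/egaccess4_1064.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.aa skipped
C:\Documents and Settings\Terena\Local Settings\Temp\Temporary Internet Files\Content.IE5\TITMYI7I\egaccess4_1064_XP[1].cab CAB: infected - 1 skipped
C:\Program Files\HijackThis\backups\backup-20060920-193010-155.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.aa skipped
C:\Program Files\HijackThis\backups\backup-20060920-193011-787.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.x skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\EGACCESS.dll Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.x skipped
Scan process completed.
"""


def triage(report):
    """Split a pasted scan report into detections, archives and noise."""
    result = {"locked": 0, "detections": [], "archives": [],
              "profiles": set(), "unparsed": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Trailer lines and anything in an unexpected shape are kept,
            # not silently dropped, so a reviewer can still see them.
            result["unparsed"].append(line)
            continue
        path = m.group("path")
        prof = PROFILE_RE.match(path)
        # Windows appends ".<name>" to a profile folder on a name clash, so
        # compare only the part before the first dot with the built-in list.
        if prof and prof.group(1).split(".", 1)[0] not in BUILTIN_PROFILES:
            result["profiles"].add(prof.group(1))
        if m.group("locked"):
            result["locked"] += 1
        elif m.group("threat"):
            # Windows paths contain no "/", so in this report a "/" separates
            # an archive from the member inside it.
            container, _, member = path.partition("/")
            result["detections"].append(
                {"file": container, "member": member or None,
                 "threat": m.group("threat")})
        else:
            result["archives"].append(
                (path, m.group("kind"), int(m.group("count"))))
    return result


def files_by_threat(result):
    """Group the on-disk files to review under each detection name."""
    grouped = defaultdict(list)
    for det in result["detections"]:
        if det["file"] not in grouped[det["threat"]]:
            grouped[det["threat"]].append(det["file"])
    return dict(grouped)


if __name__ == "__main__":
    res = triage(SAMPLE)
    print("locked and skipped:", res["locked"])
    print("user profiles seen:", sorted(res["profiles"]))
    for threat, files in files_by_threat(res).items():
        print(threat)
        for f in files:
            print("   ", f)
```

Run over the full log, the locked-file lines collapse to a count and the few detection lines that the clean-up steps act on stand out.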




